LFI to RCE via access_log injection

MP3 Allopass Joomla Component 1.0 - RFI


[o] com_mp3_allopass joomla component Remote File Include Vulnerability
Software : com_mp3_allopass
Download : http://www.joomlaratings.com
Author : NoGe


[o] Vulnerable file
components/com_mp3_allopass/allopass.php
require_once("{$mosConfig_absolute_path}/components/com_mp3_allopass/allopass-conf.php");
components/com_mp3_allopass/allopass-error.php
require_once("{$mosConfig_absolute_path}/components/com_mp3_allopass/allopass-conf.php");


[o] Publish
http://milw0rm.com/exploits/4507


Comments

labatterie said…
I am very glad to see such information which I was searching for a long time.