Re: mtg_myhomepage Component For Mambo R.F.I
- From: "Carsten Eilers" <ceilers-lists@xxxxxx>
- Date: Sat, 19 Aug 2006 00:51:50 +0200
Hi,
Outlaw@xxxxxxxxxxxxxxxxx schrieb am Fri, 18 Aug 2006 04:29:43 +0000:
#Software: mtg_myhomepage Component For Mambo 4.5
#Vendor : http://www.kamgaing.com/
I can't find mtg_myhomepage, did you mean lmtg_myhomepage:
<http://mamboxchange.com/projects/myhomepage/>?
#Proof of Concept:
#install.lmtg_homepage.php?mosConfig_absolute_path= SHELL
Here a inclusion is possible. But since you include
your SHELL in a function you hat to start this function
after the inclusion.
And there is no call in this script. So this inclusion
is useles until you find a way to call the function.
#mtg_homepage.php?mosConfig_absolute_path= SHELL
There is no such file.
If you mean lmtg_myhomepage.php: This tests for direct
calls und dies. No way to include&excecute.
Regards
Carsten
--
Dipl.-Inform. Carsten Eilers
IT-Sicherheit und Datenschutz
<http://www.ceilers-it.de>
- References:
- mtg_myhomepage Component For Mambo R.F.I
- From: Outlaw
- mtg_myhomepage Component For Mambo R.F.I
- Prev by Date: Re: Mambo Component - Display MOSBot Manager Remote File Inclusion Vuln
- Next by Date: (exploit) firefox 1.5.0.6 linux DoS
- Previous by thread: mtg_myhomepage Component For Mambo R.F.I
- Next by thread: Joomla x-shop <= 1.7 Remote File Include Vulnerability
- Index(es):
