[VIM] Joomla Component com_colorlab 1.0 Remote File Inclusion Vulnerability
George A. Theall
theall at tenablesecurity.com
Sat Oct 13 11:04:51 UTC 2007
There seems to be a mistake in Milw0rm 4524... I downloaded the
component and installed it. The affected file listed in the advisory,
/components/com_colorlab/admin.color.php, does not exist. But
/administrator/components/com_color/admin.color.php does exist and is
affected.
The only line in the file, other than the PHP tags, is:
include( "$mosConfig_live_site/components/com_color/about.html" );
so register_globals is required for exploitation.
George
--
theall at tenablesecurity.com
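
Added example, not part of the original post: a Python heuristic for checking which file in an unpacked component actually contains an include like the one quoted above, where the path starts with a variable the file never sets. The name audit_php, the constructed sample strings, and treating Joomla 1.0's _VALID_MOS direct-access check as a guard are assumptions of this example.

```python
import re

# include/require whose path begins with a variable, interpolated or concatenated
INCLUDE_RE = re.compile(r'\b(?:include|require)(?:_once)?\b\s*\(?\s*"?\$(\w+)', re.I)
# Joomla 1.0 direct-access guard (only its presence is checked, not the "or die")
GUARD_RE = re.compile(r'''defined\s*\(\s*['"]_VALID_MOS['"]\s*\)''')


def audit_php(source):
    """Return (line, variable) for each include whose leading variable is not set
    earlier in the same file, in a file that has no direct-access guard."""
    findings = []
    for m in INCLUDE_RE.finditer(source):
        before = source[:m.start()]
        var = m.group(1)
        if GUARD_RE.search(before):
            continue  # direct requests stop before reaching the include
        if re.search(r'\$' + re.escape(var) + r'\s*=(?!=)', before):
            continue  # the file sets the variable itself
        findings.append((before.count("\n") + 1, var))
    return findings


# Constructed samples. VULNERABLE wraps the line quoted in the post in PHP tags.
VULNERABLE = '<?php\ninclude( "$mosConfig_live_site/components/com_color/about.html" );\n?>\n'
GUARDED = ("<?php\ndefined( '_VALID_MOS' ) or die( 'Restricted access' );\n"
           'include( "$mosConfig_live_site/components/com_color/about.html" );\n?>\n')
LOCAL_PATH = '<?php\ninclude( dirname(__FILE__) . "/about.html" );\n?>\n'

if __name__ == "__main__":
    for name, src in [("vulnerable", VULNERABLE), ("guarded", GUARDED),
                      ("local path", LOCAL_PATH)]:
        print(name, audit_php(src))
```

Run over every .php file of the installed component, this reports the file and line to cite in an advisory; a finding still needs a manual read, since the check does not follow includes or function scope.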