[VIM] Joomla Component com_colorlab 1.0 Remote File Inclusion Vulnerability
str0ke
str0ke at milw0rm.com
Sat Oct 13 15:02:40 UTC 2007
Thanks brotha for the info. Fixing it up.
/str0ke
George A. Theall wrote:
> There seems to be a mistake in Milw0rm 4524... I downloaded the
> component and installed it. The affected file listed in the advisory,
> /components/com_colorlab/admin.color.php, does not exist. But
> /administrator/components/com_color/admin.color.php does exist and is
> affected.
>
> The only line in the file, other than the PHP tags, is:
>
> include( "$mosConfig_live_site/components/com_color/about.html" );
>
> so register_globals is required for exploitation.
>
> George
More information about the VIM
mailing list