[VIM] Joomla Component com_colorlab 1.0 Remote File Inclusion Vulnerability

str0ke str0ke at milw0rm.com
Sat Oct 13 15:02:40 UTC 2007


Thanks brotha for the info.  Fixing it up.

/str0ke

George A. Theall wrote:
> There seems to be a mistake in Milw0rm 4524... I downloaded the
> component and installed it. The affected file listed in the advisory,
> /components/com_colorlab/admin.color.php, does not exist. But
> /administrator/components/com_color/admin.color.php does exist and is
> affected.
>
> The only line in the file, other than the PHP tags, is:
>
>   include( "$mosConfig_live_site/components/com_color/about.html" );
>
> so register_globals is required for exploitation.
>
> George


More information about the VIM mailing list