bug com_madeira

2006-09-28T00:00:00
ID SECURITYVULNS:DOC:14469
Type securityvulns
Reporter Securityvulns
Modified 2006-09-28T00:00:00

Description

lintah_|adv|_02@2006 [mambo-com_madeira] [php injection]

by : iFX a.k.a inversFX


[ apem-zigzag@telkom.net ] [ inversfx@yahoo.com ] [ ifx@cupu.us ]


locate : Indonesia, Jakarta

date : 21/09/2006

title : php backdoor & bug within ;D

Developer : www.brightnet.co.uk << author of the component ;D www.mamboserver.com


PoC :

  1. In 'photoupload.php' we can upload any file to the media folder, which has rwxrwxrwx permissions ;D :

..... .....

    and `other` has access permission to that file ;D
    so now it is time for backdooring ;D

    ex:
    1. upload your file to:
    http://localhost/administrator/components/com_madeira/photoupload.php
    2. access your file at:
    http://localhost/components/com_madeira/images/youruploadedfile.php

In this section you get a few opportunities:
  1. you can do RFI
  2. you can delete any file in that folder
  3. you can deface any product picture
  4. hmm, maybe you can view pictures ;D
  5. find out by yourself :D
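From the defender's side, the pattern above is visible in the web server log: a POST to the uploader followed by a request for a script in a directory that should only ever serve images. The following detection, an added example that is not part of the original advisory, runs over constructed Apache combined-format log lines (the client addresses, timestamps and file names are made up) and flags every request for an executable file under the com_madeira images folder, noting whether the same client hit photoupload.php earlier:

```python
import re
from collections import defaultdict

# Apache combined-format access log (constructed sample lines, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [21/Sep/2006:10:01:12 +0700] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [21/Sep/2006:10:01:40 +0700] "POST /administrator/components/com_madeira/photoupload.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"
203.0.113.7 - - [21/Sep/2006:10:01:55 +0700] "GET /components/com_madeira/images/youruploadedfile.php HTTP/1.1" 200 88 "-" "Mozilla/5.0"
198.51.100.9 - - [21/Sep/2006:10:05:02 +0700] "GET /components/com_madeira/images/product1.jpg HTTP/1.1" 200 40960 "-" "Mozilla/5.0"
198.51.100.9 - - [21/Sep/2006:10:05:30 +0700] "GET /components/com_madeira/images/test.php HTTP/1.1" 404 210 "-" "Mozilla/5.0"
"""

UPLOAD_ENDPOINT = "/administrator/components/com_madeira/photoupload.php"
IMAGES_DIR = "/components/com_madeira/images/"
# Extensions the web server would hand to the PHP interpreter; an images
# directory should never serve any of these.
SCRIPT_EXTS = (".php", ".php3", ".php4", ".php5", ".phtml")

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def parse_line(line):
    """Return client, timestamp, method, path and status for one log line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, ts, method, target, status = m.groups()
    return {"client": client, "ts": ts, "method": method,
            "path": target.split("?", 1)[0], "status": int(status)}


def find_upload_abuse(log_text):
    """Flag requests for executable files under the images folder, noting whether
    the same client POSTed to photoupload.php earlier (the advisory's two-step)."""
    uploads = defaultdict(int)   # client -> number of POSTs to the uploader
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["method"] == "POST" and rec["path"] == UPLOAD_ENDPOINT:
            uploads[rec["client"]] += 1
        elif rec["path"].startswith(IMAGES_DIR) and rec["path"].lower().endswith(SCRIPT_EXTS):
            findings.append({"client": rec["client"], "ts": rec["ts"],
                             "path": rec["path"], "status": rec["status"],
                             "prior_upload": uploads[rec["client"]] > 0})
    return findings
```

A 200 response on a flagged path with `prior_upload` set is the strongest signal; even a 404 is worth a look, since nobody should be asking for scripts in that directory. The durable fix is to deny script execution in the images directory and restrict the uploader to an allowlist of image extensions, which this check does not replace.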


origin : http://cupu.us/adv/


So you can find the dork by yourself, OK! ;D Sorry for my English, cuz I often REMED!!!


iFX said, and greets:

Lintah:

iFX aka inversFX
BJ aka Blue_Jaccker
Sin~X aka Sin_Cross
Xpl aka Xploid
gM aka G4mm4
S3 aka Sock-3d
BRO aka BiG_ReD_OnE
fZ aka FrezZe
cTZ aka CuruTZ

"If our school has not yet died, then we have not died."

nyubicrew:

solpot [kind-hearted, likes to save money, not arrogant, etc. ;D]
bius [Hey friend, thanks a lot for everything you taught me! Hackers as nice as you are rare :P]
matdhule [this guy is the king of bugs, he must put out a bug every day, lol :D]
Fungky [Seems this guy is always online at midnight, could it be... could it be... now I'm scared, lol :P]
slacky [whenever I ask him for money he always hands it over :)]
Cow_1iseng [Seems all this guy ever does is eat, lol :P]
NpR [Wow, this guy seems very strategic, a name without a form :D]
thama [this guy is still in school, but says he never has exams << is that even possible?? :? :D]
lapet [this guy is really nice, no idea how he got that way, but I salute you, bro, hehe :D]
setiawan [Hey, stop tricking people, lol :D]
theSnowbrain [Hey, next time give me an ssh user that actually lasts ;D :)]
and the rest (I forgot) << anyway, Solpot_Crew are all hilarious... :D

Echo:

y3d1ps [This guy seems rarely online, so no comment :|]
lirva32 [this guy talks a bucketful, turns out he's a Slanker, lol =))]
Bithedz [Hey, don't go wardriving all the time, bro, the WLAN might overheat your plaster cast, lol, your body's made of plaster after all, hehe :-@ :D]
anomaly [wait for my revenge, friend, stop kicking people :) :D :P]

Kecoak:

cr45H3r [Super annoying, I'll smack you on the head :[] :D :P]
Cyb3rh3b [user friendly, lol]
Cybertank [A bit crazy, this guy just doesn't connect :P]
Ceyen [Hey, don't eat too much dodol! No DODOL no cry ;D]
bang_burung [Phoenix || loneEeagle] [This guy's nick is unclear, but he does lots of research, lol, good luck bro burung!! :P]

No Community:

netcom [Has a problem every single day, be patient, but this guy always has weird stuff, share some if you've got anything new! :D]
h34rt_br34ker [At least this guy is making an effort to learn ;D]
x-ace [Small but fiery like a chili, if you keep trying you'll surely make it :P]
x16 [Hey, you must learn Indonesian slang!, lol :D]
slackX [Wow, this guy has so much experience with the penguin, awesome :))]
til [Hey, is everyone in the channel still OP?? lol good luck!]
Silverant [Usually this guy has new inventory, since I ask him for stuff]
LasT COffin [Hey, don't take too many classes or your head will explode :D]
k1tk4t [wow, I'm speechless in front of a master phreaker, I'm scared, but in my opinion this guy's phreaking knowledge makes him the biggest guru on all of DALnet, don't jumper too often or you'll get shocked :D]

