bug com_madeira
lintah_|adv|_02@2006>=========<[mambo-com_madeira]<===>[php injek]
by : iFX a.k.a inversFX
_______________________________
[ apem-zigzag@xxxxxxxxxx ]
[ inversfx@xxxxxxxxx ]
[ ifx@xxxxxxx ]
-------------------------------
locate : Indonesia, Jakarta
--------------------------------
date : 21/09/2006
--------------------------------
title : php backdoor & bug within ;D
--------------------------------
Developer : www.brightnet.co.uk << author of it ;D
www.mamboserver.com
--------------------------------
PoC :
--------------------------------------------------------------------
1. in 'photoupload.php' we can upload any file to the media folder, which
has rwxrwxrwx permissions ;D :
.....
.....
and `other` has access permission to that file ;D
so now it is time for backdooring ;D
ex:
1. upload your file to :
http://localhost/administrator/components/com_madeira/photoupload.php
2. access your file in :
http://localhost/components/com_madeira/images/youruplodfile.php
at this point you get a few opportunities :
1. you can do RFI
2. you can delete any file in that folder
3. you can deface any of the product pictures
4. hmm, maybe you can see pictures ;D
5. find out by yourself :D
----------------------------------------------------------------------
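Added example (not part of the original advisory or the component's code): a log check for the two-step sequence above, a POST to photoupload.php followed by a request for a script file under the images folder. The combined access-log format, the script-extension list and the sample lines are assumptions constructed for illustration.

```python
import re

# Paths are the ones named in the advisory; everything else is an assumption.
UPLOAD_PATH = "/administrator/components/com_madeira/photoupload.php"
IMAGES_DIR = "/components/com_madeira/images/"
# Extensions a web server may pass to an interpreter (assumed list; match it
# to the handlers configured on the server). Also catches "x.php.jpg".
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar|pl|cgi|asp|jsp)(\.|$)", re.I)
# Apache/nginx "combined" log format (assumed).
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

def find_suspect_uploads(lines):
    """Return (ip, upload_ts, path) for each successful request to a script
    under the images folder. upload_ts is the time of the last successful
    POST to the uploader from the same client, or None if none was seen."""
    uploads = {}  # client ip -> timestamp of its last successful upload POST
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m or not m["status"].startswith("2"):
            continue  # unparsable line or unsuccessful request
        path = m["path"].split("?", 1)[0]  # drop the query string
        if m["method"] == "POST" and path == UPLOAD_PATH:
            uploads[m["ip"]] = m["ts"]
        elif path.startswith(IMAGES_DIR) and SCRIPT_EXT.search(path[len(IMAGES_DIR):]):
            hits.append((m["ip"], uploads.get(m["ip"]), path))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up file names).
SAMPLE = [
    '203.0.113.7 - - [21/Sep/2006:10:00:01 +0700] "POST /administrator/components/com_madeira/photoupload.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [21/Sep/2006:10:00:09 +0700] "GET /components/com_madeira/images/sample.php?x=1 HTTP/1.1" 200 80',
    '198.51.100.4 - - [21/Sep/2006:10:01:00 +0700] "GET /components/com_madeira/images/product1.jpg HTTP/1.1" 200 20480',
    '198.51.100.4 - - [21/Sep/2006:10:02:00 +0700] "GET /components/com_madeira/images/photo.php.jpg HTTP/1.1" 200 90',
    '198.51.100.9 - - [21/Sep/2006:10:03:00 +0700] "GET /components/com_madeira/images/missing.php HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for ip, upload_ts, path in find_suspect_uploads(SAMPLE):
        print(f"{ip} requested {path} (upload POST seen: {upload_ts})")
```

A hit without an upload timestamp still deserves review, since the upload and the later request can come from different clients. An images folder should serve only static files, so any hit also indicates that script handling is enabled there.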
origin :
http://cupu.us/adv/
----------------------------------------------------------------------
So you can find the dork by yourself, OK! ;D
sorry for my English, cuz I often end up in remedial!!!
-------------------------------------------------------------------------------------
iFX Said, and greet :
================================================>
Lintah :
--------------------------
iFX aka inversFX
BJ aka Blue_Jaccker
Sin~X aka Sin_Cross
Xpl aka Xploid
gM aka G4mm4
S3 aka Sock-3d
BRO aka BiG_ReD_OnE
fZ aka FrezZe
cTZ aka CuruTZ
_________________________________________________
/if our school not yet die then we didn't die \
\_________________________________________________/
================================================>
nyubicrew :
--------------------------
solpot [kind-hearted, likes to save money, not arrogant, and so on ;D]
bius [Hey friend, thanks a lot for everything U taught /me!, it's rare to find a hacker as nice as you, :P]
matdhule [this guy is the king of bugs, surely releases a bug every day, wkwk :D]
Fungky [Seems like this guy is only ever online at midnight, maybe, just maybe, now I'm scared, wkwkwk :P]
slacky [whenever I ask for money he always gives it ;", :)]
Cow_1iseng [Seems like all this guy does is eat, wkwk :P]
NpR [wow, this guy seems very strategic, a name without a form :D]
thama [this guy is still in school, but says he never takes tests << is that even possible?? :? :D]
lapet [this guy is really nice, no idea why he's like that, but I salute you, man, hehe :D]
setiawan [Hey, stop tricking people, hey, wkwk :D]
theSnowbrain [Hey, when you hand out an ssh user, make it one that lasts a long time, please ;D :)]
and the rest (I forgot) << anyway, the Solpot_Crew are all hilarious... :D
================================================>
Echo :
--------------------------
y3d1ps [This guy is rarely online, it seems, so no comment :|]
lirva32 [this guy talks a bucketful, but it turns out he's a slanker, kwkwkw =))]
Bithedz [Hey, don't go wardriving all the time, man, or you'll hit GIPS and overheat from WLAN, kwkw, since your body is made of GIPS, heueeheuhe :-@ :D]
anomaly [wait for my revenge, friend, stop kicking people :) :D :P]
================================================>
Kecoak :
--------------------------
cr45H3r [totally annoying, I'm going to knock you on the head :[] :D :P]
Cyb3rh3b [user friendly, wkwkwk]
Cybertank [A bit crazy, kind of doesn't connect, that guy :P]
Ceyen [whoa, don't eat too much dodol!, no DODOl no cry ;D]
bang_burung[Phoenix || loneEeagle] [This guy's nick is unclear, but he does a lot of research, wkwk, good luck om burung!! :P]
================================================>
No Community :
--------------------------
netcom [Has some problem every day, hang in there, but this guy always has strange stuff, share it, man, when there's something new! :D]
h34rt_br34ker [What's certain is that this guy makes an effort to learn ;D]
x-ace [Small but fierce like a bird's eye chili, and if you try you can surely do it :P]
x16 [Hey, you must learn Indo GAUL language!, wkwk :D]
slackX [Wow, this guy is really experienced with the thing called the penguin, awesome :))]
til [Hey, still OP in all the channels ??, kwkwkw good luck! ]
Silverant [Usually this guy has new inventory, since I ask him for stuff]
LasT COffin [Hey, don't take too many classes or your head will explode :D]
k1tk4t [whoa, I'm speechless with the master phracker, I'm scared, but `in my opinion` this guy's phracking skills make him the top guru on all of DALNET, don't jumper too often, man, or you'll get electrocuted :D]
================================================>