Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:14469
HistorySep 28, 2006 - 12:00 a.m.

bug com_madeira

2006-09-2800:00:00
vulners.com
101

lintah_|adv|_02@2006>=========<[mambo-com_madeira]<===>[php injek]

by : iFX a.k.a inversFX


[ [email protected] ]
[ [email protected] ]
[ [email protected] ]

locate : Indonesia, Jakarta

date : 21/09/2006

title : php backdoor & bug with in ;D

Developer : www.brightnet.co.uk << author of it ;D
www.mamboserver.com

PoC :

  1. in 'photoupload.php' we can upload any file to the media's folder which have rwxrwxrwx permission ;D :


    and have &#96;other&#96; access permission to access that file ;D
    then now time to backdooring ;D

    ex:
    1. upload your file to :
    http://localhost/administrator/components/com_madeira/photoupload.php
    2. access your file in :
    http://localhost/components/com_madeira/images/youruplodfile.php         

in these section you get a few oportunity :

  1. you can do RFI
  2. you can delete any file in that folder
  3. you can deface any picture which products
  4. hmm, maybe you can see picture ;D
  5. find it by your self :D

origin :
http://cupu.us/adv/

So you can find the dork by your self oK! ;D
sory for my words In English, cuz I often REMED!!!


iFX Said, and greet :
================================================>
Lintah :

iFX aka inversFX
BJ aka Blue_Jaccker
Sin~X aka Sin_Cross
Xpl aka Xploid
gM aka G4mm4
S3 aka Sock-3d
BRO aka BiG_ReD_OnE
fZ aka FrezZe
cTZ aka CuruTZ


/if our school not yet die then we didn't die \
\_________________________________________________/
================================================>
nyubicrew :

solpot [baik hati suka menabung tidak sombong, dkk ;D]
bius [Oi teman, makasih banget atas semua yang U ajarkan ke /me!, jarang2 ada hacker kaya' lu yang baek, :P]
matdhule [rajanya bug nih orang, pasti setiap hari ngeluarin bug, wkwk :D]
Fungky [Kayakna nih orang OLna tiap tengah malem mulu, jangan2 jangan2, jadi takut, wkwkwk :P]
slacky [pasti kalo gw minta duit dikasi melulu ;", :)]
Cow_1iseng [Nih orang kerjaannya makan mulu kayakna, wkwk :P]
NpR [waduh ini orang kayakna strategis amat, nama tanpa wujud :D]
thama [nih orang masih sekolah, tapi katanya ngga pernah ulangan << mungkin ga sich?? :? :D]
lapet [ni orang baek banget, au' tuh kenape bisa begitu, namun gw salut deh ama lo om, hehe :D]
setiawan [Oi jangan suka ngadalin orang oi, wkwk :D]
theSnowbrain [Woi kali ngasi user ssh itu yang awet dan tahan lama donk ;D :)]
dkk (Lupa gwe) << pokokna Solpot_Crew pada kocak2 deh… :D
================================================>
Echo :

y3d1ps [Jarang OL nih orang kaya'na, so no comment :|]
lirva32 [nih orang spik2na aja se-ember eh taunya slanker, kwkwkw =))]
Bithedz [Oi jangan wardriving mulu om, ntar kena GIPS malah kepanasan WLAN lho, kwkw, kan badan lo terbikin dari GIPS, heueeheuhe :-@ :D]
anomaly [tunggu pembalasanku kawan, jangan suka ngekick :) :D :P]
================================================>
Kecoak :

cr45H3r [ngeselin Abis, gw jitak juga lo :[] :D :P]
Cyb3rh3b [user friendly, wkwkwk]
Cybertank [Rada gila, ngga konek gitu deh orang nya :P]
Ceyen [waduh jangan kebanyakan makan dodol atuh!, no DODOl no cry ;D]
bang_burung[Phoenix || loneEeagle] [Ngga jelas nicknya nih orang, tapi banyak riset tuh wkwk, good luck om burung!! :P]
================================================>
No Community :

netcom [Setiap hari pasti punya masalah, sabar ya, tapi nih orang pasti punya stuff yang aneh2, bagi2 donk om kalo ada yg baru! :D]
h34rt_br34ker [Yang pasti sich nih orang ada usaha tuk belajar ;D]
x-ace [Kecil-kecil si cabe rawit, tapi kalo berusaha pasti bisa kok :P]
x16 [Woi, you must learn Indo GAUL language!, wkwk :D]
slackX [Wah nih orang pengalaman amet ama yang namanya pinguin, widih mantep dah :))]
til [Woi cannelna masih OP semua ??, kwkwkw good luck! ]
Silverant [Biasanya sich nih orang punya idventory yang baru2, soalna gw minta stuff2 dari dia]
LasT COffin [Oi kuliahnya jangan banyak2 ntar kepala lu meledak lho :D]
k1tk4t [wih ngga bisa ngomong gw, ama master phracker, takut gw, tapi nih orang `menurut` gw ilmu phrackingnya ya dia ini yang paling SUHU se DALNET, jangan sering jumper om ntar kesetrum :D]
================================================>================================================>================================================>================================================>================================================>

                                                           |OK | Apply | Cancel |
                                                           ----------------------