Re:joomla com_zimbcomment Components Local File Include vulnerability

[Sergio Tam <tam.sergio () gmail com>]

2013/9/25 <iedb.team () gmail com>:
> The joomla com_zimbcomment Components suffers from a Local File Include Vulnerability.
>
> #################################
>
> # Iranian Exploit DataBase Forum
>
> # http://iedb.ir/acc
>
> # http://iedb.ir
>
> #################################
>
> # Exploit Title : joomla com_zimbcomment Components Local File Include vulnerability
>
> # Author : Iranian Exploit DataBase
>
> # Discovered By : IeDb
>
> # Email : IeDb.Team () Gmail com
>
> # Id : o0_iedb_0o
>
> # Home : http://iedb.ir - http://iedb.ir/acc
>
> # Software Link : http://www.joomla.om/
>
> # Security Risk : High
>
> # Tested on : Linux
>
> # Dork : inurl:index.php?option=com_zimbcomment
>
> #################################
>
> # Expl0iTs :
>
> # http://www.Site.com/index.php?option=com_zimbcomment&controller=[LFI]
>
> # Dem0 :
>
> # http://cullarvega.freehostia.com/index.php?option=com_zimbcomment&controller=[LFI]
>
> #################################
>
> # Tnx To : TaK.FaNaR - l4tr0d3ctism - r3d_s0urc3 - Bl4ck M4n - F??A±??ï?½iD - Medrik - Dj.TiniVini
>
> # B3hz4d - C0dex - Behnam Vanda - ErfanMs - E2MA3N - S!Y0U.T4r.6T - 0x0ptim0us - ARTA - dr.koderz
>
> # & All Member In Iedb.ir/acc & Iranian Hackers
>
> #################################
>
> # Exploit Archive = http://www.iedb.ir/exploits-611.html
>
> #################################




http://www.exploit-db.com/exploits/12283/

 [o] Joomla Component ZiMB Comment Local File Inclusion Vulnerability
Software : com_zimbcomment version 0.8.1
Vendor : http://www.zimbllc.com/
Author : AntiSecurity [ NoGe Vrs-hCk OoN_BoY Paman zxvf s4va ]
Contact : public[at]antisecurity[dot]org
Home : http://antisecurity.org/