Joomla! Component Mamboleto 2.0 RC3 - Remote File Inclusion

Related Vulnerabilities: CVE-2009-4604  
Publish Date: 10 Dec 2009

[!] Mamboleto Joomla! component Remote File Include Vulnerability
[!] Author	: Don Tukulesto (
[!] Homepage	:
[!] Date	: December 10, 2009
[!] Tune In	: (choose your weapon)


[ Software Information ]

[+] Vendor :
[+] Download :
[+] Version() : 2.0 RC3
[+] New Mamboleto 2.0 RC3 for Joomla! 1.5.x in "legacy mode". 
    Much improved, with two additional banks (Sicredi and Bancoob) and a new integration module for VirtueMart.
[+] Method : Remote File Inclusion
[+] Dork : Wie WiLL Not Go Down


[ Vulnerable File ]

[+] mamboleto.php

Line 123

include_once( $mosConfig_absolute_path . '/administrator/components/com_mamboleto/include/pre.php');
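
A static check for the pattern quoted from line 123: an include whose path starts with a variable that the file neither assigns itself nor protects with Joomla's direct-access guard. This is an added example, not code from the advisory or from the Mamboleto project; `audit_php` and the sample files are constructed for illustration, and the guard constants checked are the standard `_VALID_MOS` (Mambo / Joomla 1.0 and legacy mode) and `_JEXEC` (Joomla 1.5).

```python
import re

# include/require whose path expression starts with a PHP variable.
INCLUDE_RE = re.compile(
    r"\b(?:include|require)(?:_once)?\s*\(?\s*(\$[A-Za-z_]\w*)")
# Direct-access guards: _VALID_MOS (Mambo / Joomla 1.0, legacy mode), _JEXEC (Joomla 1.5).
GUARD_RE = re.compile(r"defined\s*\(\s*['\"](?:_VALID_MOS|_JEXEC)['\"]\s*\)")
# Plain assignment such as `$base = ...;` (not `==` comparisons).
ASSIGN_RE = re.compile(r"^\s*(\$[A-Za-z_]\w*)\s*=(?!=)")


def audit_php(source):
    """Return (line_no, variable, code) for each include whose path starts with a
    variable that the file has neither guarded nor assigned before that line."""
    findings, guarded, assigned = [], False, set()
    for line_no, line in enumerate(source.splitlines(), 1):
        code = line.strip()
        if code.startswith(("//", "#", "*", "/*")):
            continue  # comment line, ignore
        if GUARD_RE.search(code):
            guarded = True
        m = ASSIGN_RE.match(code)
        if m:
            assigned.add(m.group(1))
        inc = INCLUDE_RE.search(code)
        if inc and not guarded and inc.group(1) not in assigned:
            findings.append((line_no, inc.group(1), code))
    return findings


# Constructed samples: the include line is the one quoted from mamboleto.php;
# the surrounding lines are illustrative, not the component's real source.
INCLUDE_LINE = ("include_once( $mosConfig_absolute_path . "
                "'/administrator/components/com_mamboleto/include/pre.php');")
UNGUARDED = "<?php\n// entry point\n" + INCLUDE_LINE + "\n"
GUARDED = ("<?php\ndefined('_VALID_MOS') or die('Restricted access');\n"
           + INCLUDE_LINE + "\n")

if __name__ == "__main__":
    for name, src in (("unguarded", UNGUARDED), ("guarded", GUARDED)):
        for line_no, var, code in audit_php(src):
            print(f"{name}:{line_no}: include path starts with {var}: {code}")
```

The check is a line-based heuristic: it does not follow includes across files or parse multi-line statements, so treat a clean result as a first pass rather than proof.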

[ Proof of Concept ]



[ Who The Hell Has Control of That Damn Smoke Machine ]

[~] INDONESIAN CODER TEAM - KILL-9 CREW - MainHack Brotherhood - ServerIsDown
[~] kaMtiEz, M3NW5, arianom, Contrex, tiw0L, Pathloader, abah_benu, Saint, Cyb3r_tr0n, M364TR0N, VycOd,
[~] Jack-, Yadoy666 + miya666, s4va, senot, Bayu5154, Gonzhack, Tucker, Ian Petrucii, Ronz & FeeLCoMz
[~] kecemplungkalen, ran, DraCoola Multimedia, XNITRO, rey_cute, Awan Bejat, Plaque, Gh4mb4s and YOU!!
[~] Thank you to ALL OF YOU called me piece of shit, especially for High school friends

[ rm -rf yourself ] 


[ some quotes ]

[+] Jack- says : why so serious ?
[+] Yadoy666 says : watch out, there's a handyman =))
[+] arianom says : Collect Coins for Prita Mulyasari !!!
[+] Pathloader says : Okay then, if that's how... how... how... how it is :D
[+] tiw0L says : Don't eat it pleaseeeeee!!!