On 14 April 2010, Antisecurity released a Joomla wgPicasa Component Local File Inclusion (LFI) exploit, published on Exploit Database as EDB-ID 12230. To attract the “bad guys” who will use this exploit, we published a news item on 15 April containing, in both its URL and its content, some keywords to make it as attractive as possible 🙂 Most LFI scanners use Google dorking methods to find potentially vulnerable targets, so let's get a good position in the Google ranking.
Since 15 April, we can see that this particular exploit is more targeted than other Local File Inclusion exploits, and the number of events is still increasing one month after the exploit's publication.
Also, we have some source IPs that are really trying to get in 🙂
So, in one word, Joomla wgPicasa is in the hype, and really, if you use Joomla, shut down your server 🙂
Please upgrade to the latest version. This exploit was quickly removed in April 2010.
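An added example (not part of the original post): a small Python counter for the per-day and per-source-IP event figures described above. It assumes Apache combined-format access logs and Joomla's standard `option=com_wgpicasa` routing; the log lines, IP addresses and the parameter name `x` are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample lines (documentation IP ranges, hypothetical parameter "x").
SAMPLE_LOG = """\
198.51.100.7 - - [15/Apr/2010:10:01:02 +0200] "GET /index.php?option=com_wgpicasa&x=../../../../etc/passwd%00 HTTP/1.1" 404 312 "-" "libwww-perl/5.8"
198.51.100.7 - - [16/Apr/2010:03:12:40 +0200] "GET /index.php?option=com_wgpicasa&x=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 312 "-" "libwww-perl/5.8"
203.0.113.9 - - [16/Apr/2010:08:45:11 +0200] "GET /index.php?option=COM_WGPICASA&x=..%2F..%2F..%2Fproc%2Fself%2Fenviron HTTP/1.1" 404 312 "-" "Mozilla/4.0"
192.0.2.44 - - [16/Apr/2010:09:00:00 +0200] "GET /index.php?option=com_wgpicasa&view=gallery HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [16/Apr/2010:09:30:00 +0200] "GET /index.php?option=com_content&x=../../etc/passwd HTTP/1.1" 404 312 "-" "Mozilla/4.0"
"""

# Source IP, day, and request URL from a combined-format log line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[(\d{2}/\w{3}/\d{4}):[^\]]+\] "(?:GET|POST|HEAD) (\S+)')
# Directory traversal or an injected null byte in a decoded parameter value.
TRAVERSAL_RE = re.compile(r'\.\.[/\\]|\x00')

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded probes are not missed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_wgpicasa_lfi_probe(url):
    """True if the request targets com_wgpicasa and any parameter carries traversal."""
    params = {k.lower(): fully_decode(v) for k, v in parse_qsl(urlsplit(url).query)}
    if params.get("option", "").lower() != "com_wgpicasa":
        return False
    return any(TRAVERSAL_RE.search(v) for v in params.values())

def summarize(log_text):
    """Return (events per day, events per source IP) for wgPicasa LFI probes."""
    per_day, per_ip = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and is_wgpicasa_lfi_probe(m.group(3)):
            per_ip[m.group(1)] += 1
            per_day[m.group(2)] += 1
    return per_day, per_ip

if __name__ == "__main__":
    days, ips = summarize(SAMPLE_LOG)
    for day, count in days.items():
        print(day, count)
    for ip, count in ips.most_common():
        print(ip, count)
```

Normal gallery requests and traversal attempts against other components are deliberately excluded, so the counts reflect only probes aimed at this component.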