Installation Path Disclosure Weakness in Joomla!

2011-03-24T00:00:00
ID HTB22915
Type htbridge
Reporter High-Tech Bridge
Modified 2011-12-20T00:00:00

Description

High-Tech Bridge SA Security Research Lab has discovered a weakness in Joomla! which could be exploited to gain access to potentially sensitive information.

1) Installation path disclosure weakness in Joomla!
The weakness exists because the application reveals the full path to the installation directory in an error message. A remote attacker can directly access the libraries/phpmailer/language/phpmailer.lang-joomla.php script and learn the web root directory and other potentially sensitive information. Successful exploitation requires that the php_display_errors variable is on.
Exploitation examples:
http://host/libraries/phpmailer/language/phpmailer.lang-joomla.php
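
Added example (not part of the original advisory): a check a site owner can run over a saved response body from the script above to confirm whether a displayed PHP error reveals the installation path. The function name, the sample bodies and the sample directories are constructed for illustration.

```python
import html
import re

# Script path named in the advisory.
SCRIPT = "libraries/phpmailer/language/phpmailer.lang-joomla.php"

# PHP's displayed-error format: "<level>: <message> in <file> on line <n>",
# matched after stripping the <b> tags that HTML error output adds.
PHP_ERROR = re.compile(
    r"(?P<level>Fatal error|Parse error|Warning|Notice|Deprecated)"
    r"\s*:\s+(?P<message>.*?)\s+in\s+"
    r"(?P<file>(?:[A-Za-z]:[\\/]|/)[^\r\n<]*?)\s+on line\s+(?P<line>\d+)"
)
TAGS = re.compile(r"<[^>]+>")

# Constructed sample responses (not captured from a real site); the error
# message text and the /var/www/html directory are placeholders.
SAMPLE_LEAKY = (
    "<br />\n<b>Fatal error</b>:  Class &#039;Example&#039; not found in "
    "<b>/var/www/html/libraries/phpmailer/language/phpmailer.lang-joomla.php</b>"
    " on line <b>12</b><br />\n"
)
SAMPLE_CLEAN = ""  # empty body: the error was not displayed to the client


def find_path_disclosures(body, script=SCRIPT):
    """Return one finding per displayed PHP error that reveals a server path."""
    text = html.unescape(TAGS.sub("", body))
    findings = []
    for m in PHP_ERROR.finditer(text):
        path = m.group("file").replace("\\", "/")
        # If the error comes from the advisory's script, everything before
        # its relative path is the installation (web root) directory.
        root = path[: -len(script)].rstrip("/") if path.endswith(script) else None
        findings.append({
            "level": m.group("level"),
            "file": path,
            "line": int(m.group("line")),
            "install_root": root,
        })
    return findings
```

An empty result for the script's response means no path was displayed; any finding with a non-empty `install_root` confirms the disclosure described above.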