Search...

Restaurante Component for Joomla! Crafted File Extension Unrestricted Upload

2007-09-12T17:21:32

ID OSVDB:37175
Type osvdb
Reporter OSVDB
Modified 2007-09-12T17:21:32

Description

No description provided by the source

References:

Vendor URL: http://detodo.masde50.net/index.php?option=com_remository&Itemid=27&func=fileinfo&id=99 Secunia Advisory ID:26756 Other Advisory URL: http://milw0rm.com/exploits/4383 Mail List Post: http://www.attrition.org/pipermail/vim/2007-September/001779.html ISS X-Force ID: 36538 FrSIRT Advisory: ADV-2007-3139 CVE-2007-4817 Bugtraq ID: 25612

JSON Vulners Source

Initial Source

{"href": "https://vulners.com/osvdb/OSVDB:37175", "history": [], "id": "OSVDB:37175", "reporter": "OSVDB", "published": "2007-09-12T17:21:32", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://detodo.masde50.net/index.php?option=com_remository&Itemid=27&func=fileinfo&id=99\n[Secunia Advisory ID:26756](https://secuniaresearch.flexerasoftware.com/advisories/26756/)\nOther Advisory URL: http://milw0rm.com/exploits/4383\nMail List Post: http://www.attrition.org/pipermail/vim/2007-September/001779.html\nISS X-Force ID: 36538\nFrSIRT Advisory: ADV-2007-3139\n[CVE-2007-4817](https://vulners.com/cve/CVE-2007-4817)\nBugtraq ID: 25612\n", "title": "Restaurante Component for Joomla! Crafted File Extension Unrestricted Upload", "lastseen": "2017-04-28T13:20:33", "bulletinFamily": "software", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "hash": "8626246258e833410b4f971bdbd9ce2a8dac772bd6ecb59e9840316e279a0ac5", "references": [], "edition": 1, "cvelist": ["CVE-2007-4817"], "affectedSoftware": [], "viewCount": 2, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-4817"]}, {"type": "exploitdb", "idList": ["EDB-ID:4383"]}], "modified": "2017-04-28T13:20:33"}, "vulnersScore": 4.3}, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "5c5ab551115fc283b42ad042a1e43c69"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "587b9003dff50d34f8fbce68d6cdb919"}, {"key": "href", "hash": "362509740ad87e581196852bb350715e"}, {"key": "modified", "hash": "e1e142c42fdd76b689b53fcd948ae52e"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "e1e142c42fdd76b689b53fcd948ae52e"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "955b328dc7cd615c13af5464c9183464"}, {"key": "title", "hash": "23123ec520041ebc2fbf14cd69769489"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "objectVersion": "1.2", "modified": "2007-09-12T17:21:32"}

{"cve": [{"lastseen": "2017-09-29T14:25:31", "bulletinFamily": "NVD", "description": "Unrestricted file upload vulnerability in the Restaurante (com_restaurante) component for Joomla! allows remote attackers to upload and execute arbitrary PHP code via an upload action specifying a filename with a double extension such as .php.jpg, which creates an accessible file under img_original/.", "modified": "2017-09-28T21:29:23", "published": "2007-09-11T15:17:00", "id": "CVE-2007-4817", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4817", "title": "CVE-2007-4817", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-01-31T20:48:11", "bulletinFamily": "exploit", "description": "Joomla Component Restaurante Remote File Upload Vulnerability. CVE-2007-4817. Webapps exploit for php platform", "modified": "2007-09-08T00:00:00", "published": "2007-09-08T00:00:00", "id": "EDB-ID:4383", "href": "https://www.exploit-db.com/exploits/4383/", "type": "exploitdb", "title": "Joomla Component Restaurante Remote File Upload Vulnerability", "sourceData": "Joomla Component Restaurante <= Remote File Upload Vulnerability\n\nfound by : Cold z3ro\n\nHomepage : www.hackteach.org , www.xp10.com\n\n================================================================\n\n@################################################################@\n# joomla/index.php?option=com_restaurante&task=upload\n#\n# /joomla/components/com_restaurante/img_original/.shell.php.jpg\n#\n# Dork : /index.php?option=com_restaurante\n@################################################################@\n\n\nAttacker can upload any file using this link\n\njoomla/index.php?option=com_restaurante&task=upload\n\nafter upload the file , He can find it in :\n\n/components/com_restaurante/img_original\n\nBut the attacker should add ( Point ) befor filename\n\nExample :\n\nif attacker uploaded file named shell.php.jpg\n\nits name will by like this .shell.php.jpg\n\nin path :\n\n/components/com_restaurante/img_original/.shell.php.jpg\n\n# milw0rm.com [2007-09-08]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/4383/"}]}