Joomla Component Com_Projectfork

vendor:

Com_Projectfork

by:

ByALBAYX

7,5

CVSS

HIGH

Local File Inclusion (LFI)

CWE

Product Name: Com_Projectfork

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Joomla Component Com_Projectfork

A vulnerability in Joomla Component Com_Projectfork allows an attacker to include local files on the server. This vulnerability is due to insufficient sanitization of user-supplied input to the 'section' parameter in the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal characters to the vulnerable script. This may allow the attacker to include arbitrary local files on the server, resulting in the disclosure of sensitive information.

Mitigation:

Ensure that user-supplied input is properly sanitized before being used in the application.

Source

Exploit-DB raw data:

        \\\|///
      \\  - -  //
       (  @ @ )
----oOOo--(_)-oOOo---------------------------
@~~=Author   : ByALBAYX
                              
@~~=Website  : WWW.C4TEAM.ORG
---------------Ooooo-------------------------
               (   )
      ooooO     ) /
      (   )    (_/
       \ (
        \_)
@~~=======================================~~@
@~~=Script   : Joomla Component Com_Projectfork

@~~=S.Site   : http://joomlapraise.com
@~~=======================================~~@

@~~=Vul      :

@~~=http://c4team.org/ [Yol] /index.php?option=com_projectfork&section=  [-LFI-]

@~~=Dork     : inurl:"com_projectfork"

@~~=http://kht.by.ru/Google.txt

@~~=Vs..

@~~=======================================~~@

@~~=:/

# milw0rm.com [2009-06-15]