header-logo
Suggest Exploit
vendor:
Imagebrowser
by:
Cr@zy_King
7.5
CVSS
HIGH
File Inclusion
98
CWE
Product Name: Imagebrowser
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Joomla Imagebrowser File Inc.

This vulnerability allows an attacker to include remote files on the server through the vulnerable Joomla Imagebrowser component. The vulnerable parameter is the ‘folder’ parameter which is not properly sanitized before being used in a file inclusion call. This can be exploited to include arbitrary files from remote hosts.

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to upgrade to the latest version of the Joomla Imagebrowser component.
Source

Exploit-DB raw data:

Joomla Imagebrowser File Inc.


Cr@zy_King / www.biyosecurity.com / sqL Lov3r'Z Crew Co. 2008


Down : http://www.joomlatr.org/index.php/component/remository/?func=fileinfo&id=129


FI   : http://127.0.0.1/index.php?option=com_imagebrowser&folder=../../../../


Grtz : aLL My Friend'z ... 

# milw0rm.com [2008-09-28]

Navigation

Suggest Exploit

Services By CQR