The Joomla Property component suffers from a local file inclusion vulnerability.
f1c77cc20064cae43fb3d7c3379f7e84a45e6cb2d9906b106bb58c2c5fe81005---------------------------------------------------------------------------------
Joomla Component Property Local File Inclusion
---------------------------------------------------------------------------------
Author : Chip D3 Bi0s
Group : LatinHackTeam
Email & msn : chipdebios[alt+64]gmail.com
Date : 22 March 2010
Critical Lvl : Moderate
Impact : Exposure of sensitive information
Where : From Remote
---------------------------------------------------------------------------
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : Property
Developer : este8an
License : GPL type : Non Commercial
Date Added : 22 January 2009
Download : http://www.com-property.com/download.html?func=select&id=2
Demo : http://www.com-property.com/
Description :
Property is a new Real Estate component 100% FREE native Joomla 1.5.
compatible with sh404sef and joomfish.
Add Profiles (Agent data: Client is a user joomla registered)
Can change permissions in User Manager to 'Agent' , then this
user can publish various properties.
Control Panel
button Create Menus automatically creates menus in FrontEnd :
All Properties,
My Short List(Favorites),
My Panel(to publish properties),
My Profile.
You can change names after created.
---------------------------------------------------------------------------
how to exploit
http://localhost/index.php?option=com_properties&controller=[LFI]%00
+++++++++++++++++++++++++++++++++++++++
[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed