[ TITLE ....... ][ jNews (jnewscore7.5.1) information disclosure
[ DATE ........ ][ 07.04.2012
[ AUTHOR ...... ][ http://hauntit.blogspot.com
[ SOFT LINK ... ][ http://joomla.org
[ VERSION ..... ][ 7.5.1
[ TESTED ON ... ][ LAMP
[ ----------------------------------------------------------------------- [
[
[ 1. What is this?
[ 2. What is the type of vulnerability?
[ 3. Where is the bug :)
[ 4. More...
[--------------------------------------------[
[
[ 1. What is this?

This is a very nice component for Joomla CMS, You should try it! ;)

[--------------------------------------------[
[ 2. What is the type of vulnerability?

Information disclosure. A normal user can submit 'wrong input' to forms,
and that's how he finds out where Your Joomla* installation is located.

[--------------------------------------------[
[ 3. Where is the bug :)

It's just an example, there are more info-disclo bugs in this component.
Anyway:

Go to: http://joomla/index.php/en/component/jnews/ to 'Search' for something You want.
In the 'search' form, type a single quote: '
That's all. For a vulnerable php.ini You should see something like:

"Warning: Invalid argument supplied for foreach() in /home/kuba/www/joomla/administrator/components/com_jnews/classes/class.mailing.php on line 70
Warning: array_merge() [function.array-merge]: Argument #1 is not an array in /home/kuba/www/joomla/administrator/components/com_jnews/classes/frontend.php on line 1667"

The vulnerable parameter is 'emailsearch'.

[--------------------------------------------[
[ 4. More...

- http://joobi.co
- http://www.joomla.org
- http://hauntit.blogspot.com
- http://www.google.com
- http://portswigger.net
[
[--------------------------------------------[
[ Ask me about new projects @ mail. ;) ]
[ Best regards
[
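
Added example (not part of the original advisory): a Python check a site owner can run over a saved response body to find PHP error messages that reveal absolute server paths, like the output quoted in section 3. The HTML wrapper in SAMPLE_BODY is constructed, the names find_path_leaks and exposed_root are hypothetical, and only POSIX paths are matched because the advisory was tested on LAMP.

```python
import html
import posixpath
import re
from typing import NamedTuple

# PHP's default error line: "<Level>: <message> in <file> on line <n>".
# Only POSIX paths are matched (assumption: LAMP host, as in the advisory).
PHP_ERROR_RE = re.compile(
    r"(?P<level>Warning|Notice|Deprecated|Fatal error|Parse error|Strict Standards)"
    r":\s+(?P<message>.+?)\s+in\s+(?P<path>/\S+?\.php)\s+on\s+line\s+(?P<line>\d+)"
)
TAG_RE = re.compile(r"<[^>]+>")


class Leak(NamedTuple):
    level: str
    message: str
    path: str
    line: int


def find_path_leaks(body: str) -> list:
    """Return every PHP error in a response body that exposes a server path."""
    # With html_errors enabled PHP wraps parts of the message in <b>/<a> tags,
    # so strip markup, decode entities and collapse whitespace before matching.
    text = html.unescape(TAG_RE.sub("", body))
    text = re.sub(r"\s+", " ", text)
    return [Leak(m["level"], m["message"], m["path"], int(m["line"]))
            for m in PHP_ERROR_RE.finditer(text)]


def exposed_root(leaks) -> str:
    """Deepest directory common to all leaked files: what a visitor learns."""
    dirs = [posixpath.dirname(leak.path) for leak in leaks]
    return posixpath.commonpath(dirs) if dirs else ""


# Constructed sample: the two warnings quoted in the advisory, wrapped in the
# markup PHP emits when html_errors is on. The surrounding HTML is made up.
SAMPLE_BODY = """<html><body><form><input name="emailsearch"></form>
<br />
<b>Warning</b>:  Invalid argument supplied for foreach() in <b>/home/kuba/www/joomla/administrator/components/com_jnews/classes/class.mailing.php</b> on line <b>70</b><br />
<br />
<b>Warning</b>:  array_merge() [<a href='function.array-merge'>function.array-merge</a>]: Argument #1 is not an array in <b>/home/kuba/www/joomla/administrator/components/com_jnews/classes/frontend.php</b> on line <b>1667</b><br />
</body></html>"""

if __name__ == "__main__":
    found = find_path_leaks(SAMPLE_BODY)
    for leak in found:
        print(f"{leak.level}: {leak.path}:{leak.line} ({leak.message})")
    print("exposed root:", exposed_root(found))
```

A non-empty result means PHP errors are being written into the page; setting display_errors = Off and log_errors = On in php.ini sends them to the log instead.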