[~]>> ...[BEGIN ADVISORY]...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[~]>> TITLE: Joomla (com_ccnewsletter) Directory Traversal Vulnerability
[~]>> LANGUAGE: PHP
[~]>> DORK: N/A
[~]>> RESEARCHER: B-HUNT3|2
[~]>> CONTACT: bhunt3r[at_no_spam]gmail[dot_no_spam]com
[~]>> TESTED ON: LocalHost
[~]>> (( -- Sorry for not including a single advisory with this Component --))
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[~]>> DESCRIPTION: Input var controller is vulnerable to Directory Traversal Vuln
[~]>> AFFECTED VERSIONS: Confirmed in 1.0.5 but probably other versions also
[~]>> RISK: Medium/High
[~]>> IMPACT: Access to all PHP files in WebServer (Null Byte is filtered)
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[~]>> PROOF OF CONCEPT:
[~]>> http://[SERVER]/[JOOMLA_PATH]/index.php?option=com_ccnewsletter&view=ccnewsletter&Itemid=87&controller=[-DT-]
[~]>> [-DT-] --> ;)
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[~]>> ...[END ADVISORY]...
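
One way to validate the `controller` request value before it is turned into a file path, added here as an example; it is not part of the advisory and not code from the component. It assumes the component loads `controllers/<name>.php`; the helper name `resolve_controller_path`, the directory layout and the sample values are hypothetical, and the code needs PHP 7.1 or later.

```php
<?php
// Added example: hypothetical helper, not code from the component.
// Assumption: controllers live in one directory as <name>.php.

/**
 * Map a request-supplied controller name to a file inside $controllersDir.
 * Returns the absolute path, or null if the name is not acceptable.
 */
function resolve_controller_path(string $controllersDir, $name): ?string
{
    // Request values can be arrays (controller[]=x); accept strings only.
    if (!is_string($name) || $name === '') {
        return null;
    }
    // Allow only a plain identifier: dots, slashes, backslashes,
    // percent signs and NUL bytes cannot pass this pattern.
    if (preg_match('/\A[A-Za-z0-9_]{1,64}\z/', $name) !== 1) {
        return null;
    }
    $base = realpath($controllersDir);
    if ($base === false) {
        return null;
    }
    // Second layer: resolve symlinks and confirm the file is still a
    // direct child of the controllers directory.
    $path = realpath($base . DIRECTORY_SEPARATOR . $name . '.php');
    if ($path === false || dirname($path) !== $base || !is_file($path)) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary controllers directory with one file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'ctl_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'subscribe.php', "<?php\n");

// Constructed sample inputs: one valid name and four that must be refused.
$samples = ['subscribe', 'missing', '../subscribe', 'sub/scribe', ['subscribe']];
foreach ($samples as $value) {
    $label  = is_array($value) ? 'array' : $value;
    $result = resolve_controller_path($dir, $value);
    echo str_pad($label, 14), $result === null ? 'rejected' : 'accepted', "\n";
}

unlink($dir . DIRECTORY_SEPARATOR . 'subscribe.php');
rmdir($dir);
```

Only `subscribe` is accepted; the caller should treat a `null` result as a 404 and never pass the raw request value to `require` or `include`.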