[VIM] Joomla Component com_intuit LFI Vulnerability
George A. Theall
theall at tenablesecurity.com
Tue Dec 29 01:44:32 UTC 2009
I just looked at the supposed local file include vulnerability in the
Intuit Payment Gateway Component for Joomla, covered by Exploit-DB
10730 / Bugtraq 37494. The code snippet doesn't even _look_ like a
local file include attack:
***************************************************************************************************************
[++] ERR0R CODE:
if ($response["approval"] != "")
{
//print_r($intuit_fields['succ_msg2']['g_value']);
****************************************************************************************************************
Exploit DB helpfully includes a link to download the vulnerable app.
If you look at it, one of the things you'll probably notice is that
the first line of executable code in the affected file is:
defined( '_JEXEC' ) or die( 'Restricted access' );
meaning if you try the PoC in the advisory -- and replace "component"
with "components" -- you'll see "Restricted access" as the script
fails right at the start.
Another thing you'll likely notice is that the supposedly affected
code snippet lies in a class definition and indeed the entire file
consists of the class definition so the PoC can't be used to access
the supposedly vulnerable code even if the initial check for _JEXEC
wasn't there.
George
--
theall at tenablesecurity.com
More information about the VIM
mailing list