[VIM] Joomla Media Local File Inclusion
George A. Theall
theall at tenable.com
Wed Mar 30 05:57:32 CDT 2011

Bugtraq 47043 looks questionable to me. There's no list of versions
affected or explanation of the vulnerability other than the PoC:

  http://www.example.com/[path]/components/com_media/helpers/media.php?file=[LFI]%00

And while Joomla includes the component in its distribution file in
many versions (it doesn't in Joomla 1.0.15, the only version from the
1.0.x series I checked), the supposedly affected file is nothing more
than a class file. It doesn't include / require any other files nor
have calls to include() or require() or its variants. At least in
Joomla versions 1.5.22, 1.6.1 (both current), 1.5.12, or 1.5.5.

Any thoughts, Rob?

George
--
theall at tenablesecurity.com
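
The source check described in the message above (does the reported file contain include() / require() or a variant at all?) can be scripted for triaging similar reports. This is an added example, not part of the original post and not Joomla code; the function names are hypothetical and both PHP samples are constructed for illustration.

```python
import re

# Comments and string literals are matched in one pass, so "//" inside a
# string or "include" inside a comment cannot confuse the sink search.
TOKEN_RE = re.compile(r"""
    (?P<comment>//[^\n]*|\#[^\n]*|/\*.*?\*/)
  | (?P<sq>'(?:\\.|[^'\\])*')
  | (?P<dq>"(?:\\.|[^"\\])*")
""", re.S | re.X)
# include / require and their _once variants, as statements or calls.
# The lookbehind skips $include, ->include() and ::include().
SINK_RE = re.compile(r"(?<![$\w>:])(include|require)(_once)?\b\s*\(?([^;]*);", re.I)

# Constructed samples (not Joomla source): a bare class file and an includer.
CLASS_ONLY = """<?php
// helper: we never include($anything) here
class ExampleHelper {
    function getTypeIcon($name) { return 'icon-' . $name; }  # "require" in a comment
}
"""
INCLUDER = """<?php
require_once 'base.php';
$file = $_GET['file'];
include($file . '.php');
"""

def _blank(m):
    text = m.group(0)
    pad = "\n" * text.count("\n")      # keep line numbers stable
    if m.group("dq") and "$" in text:
        return text                    # interpolated string: keep the variable visible
    return ("" if m.group("comment") else "''") + pad

def find_include_sinks(php_source):
    """Return [(line, keyword, kind)]; kind is 'dynamic' if the argument names a variable."""
    code = TOKEN_RE.sub(_blank, php_source)
    sinks = []
    for m in SINK_RE.finditer(code):
        line = code.count("\n", 0, m.start()) + 1
        kind = "dynamic" if "$" in m.group(3) else "static"
        sinks.append((line, (m.group(1) + (m.group(2) or "")).lower(), kind))
    return sinks

def triage(php_source):
    """'no-sink' (an LFI claim has nothing to act on), 'static-only', or 'review'."""
    sinks = find_include_sinks(php_source)
    if not sinks:
        return "no-sink"
    return "review" if any(k == "dynamic" for _, _, k in sinks) else "static-only"
```

A "no-sink" result only covers the file scanned; heredocs and arguments built from function calls are not analysed, so a "static-only" or "review" result still needs a manual read.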