SecurityvulnsSECURITYVULNS:DOC:25957Joomla! 1.6.0 | Information Disclosure/Full Path Disclosure Vulnerability
Joomla! 1.6.0 | Information Disclosure/Full Path Disclosure Vulnerability
- OVERVIEW
Joomla! 1.6.0 is vulnerable to Full Path Disclosure.
- BACKGROUND
Joomla is a free and open source content management system (CMS) for
publishing content on the World Wide Web and intranets. It comprises a
model–view–controller (MVC) Web application framework that can also be
used independently.
Joomla is written in PHP, uses object-oriented programming (OOP)
techniques and software design patterns, stores data in a MySQL
database, and includes features such as page caching, RSS feeds,
printable versions of pages, news flashes, blogs, polls, search, and
support for language internationalization.
- VULNERABILITY DESCRIPTION
Direct access to a library file was not protected, which causes
revealing the full internal path of a server whose PHP setting is set
to show errors.
- VERSION AFFECTED
Joomla! 1.6.0
- PROOF-OF-CONCEPT/EXPLOIT
http://attacker.in/joomla160/libraries/phpmailer/language/phpmailer.lang-joomla.php
- SOLUTION
Upgrade to Joomla! 1.6.1 or higher
- VENDOR
Joomla! Developer Team
http://www.joomla.org
- CREDIT
Aung Khant, http://yehg.net, YGN Ethical Hacker Group, Myanmar.
- DISCLOSURE TIME-LINE
2011-01-24: notified vendor
2011-03-08: vendor released fix
2011-03-23: vulnerability disclosed
- REFERENCES
Vendor Advisory URL:
http://developer.joomla.org/security/news/328-20110201-core-sql-injection-path-disclosure.html
Original Advisory URL:
http://yehg.net/lab/pr0js/advisories/joomla/core/[joomla_1.6.0]_full_path_disclosure
inspathx signature:
http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/joomla-1.6.0
WASC-13: http://projects.webappsec.org/w/page/13246936/Information-Leakage
CWE-200: http://cwe.mitre.org/data/definitions/200.html
#yehg [2011-03-23]