CVE-2010-1875
Description
Directory traversal vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
Joomla! Component Property - Local File Inclusion
---------------------------------------------------------------------------------
Joomla Component Property Local File Inclusion
---------------------------------------------------------------------------------
Author : Chip D3 Bi0s
Group : LatinHackTeam
Email & msn : chipdebios[alt+64]gmail.com
Date : 22 March 2010
Critical Lvl : Moderate
Impact : Exposure of sensitive information
Where : From Remote
---------------------------------------------------------------------------
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : Property
Developer : este8an
License : GPL type : Non Commercial
Date Added : 22 January 2009
Download : http://www.com-property.com/download.html?func=select&id=2
Description :
Property is a new Real Estate component 100% FREE native Joomla 1.5.
compatible with sh404sef and joomfish.
Add Profiles (Agent data: Client is a user joomla registered)
Can change permissions in User Manager to 'Agent' , then this
user can publish various properties.
Control Panel
button Create Menus automatically creates menus in FrontEnd :
All Properties,
My Short List(Favorites),
My Panel(to publish properties),
My Profile.
You can change names after created.
---------------------------------------------------------------------------
how to exploit
http://localhost/index.php?option=com_properties&controller=[LFI]%00
+++++++++++++++++++++++++++++++++++++++
[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| com-property | com_properties | 3.1.22-03 | |
| joomla | joomla\! | | |
References
- http://secunia.com/advisories/39074
- http://www.exploit-db.com/exploits/11851
- http://www.osvdb.org/63143
- http://www.securityfocus.com/bid/38912
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57110
- http://secunia.com/advisories/39074
- http://www.exploit-db.com/exploits/11851
- http://www.osvdb.org/63143
- http://www.securityfocus.com/bid/38912
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57110
CWEs
CWE-22
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.