Joomla! Multiple Full Path Disclosure Vulnerabilities

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Home
Ask the Team
Mailing Lists
Advertising Info
Advisories
About SecuriTeam
Blogs

Brought to you by:

Suppliers of:

SecuriTeam in Your Inbox

New vulnerability?
New tool?
Tell us
(Our PGP key).

Confidence 2013

5% Off any SANS course
Use Code: SecuriTeam_5

Hack In Paris

La Nuit du Hack

Subjects of Interest:
Vulnerability Management
SQL Injection
Buffer Overflows
Active Network Scanning
Fuzzing
Fuzzer Report
Network Security
Network Scanner
Pen Testing
Security Scanner

This vulnerability could allow a malicious user to view the internal path information of the host due to some files were missing the check for JEXEC.

Credit:
The information has been provided by Juan Galiana Lara.

Free Website Security Scan	Free Fuzzer Report	Vulnerability Assessment
Detect web app vulnerabilities	University study comparing the top	Accurate and automated scanning
Get guidance from professionals.	6 commercially availble fuzzers.	for networks of any size.

Protect your website!
Free Trial, Nothing to install.
No interruption of visitors.
www.beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* Joomla! versions 1.5.12 and prior

Immune Systems:
* Joomla! version 1.5.13

Full path disclosure vulnerabilities enables an attacker to know the path to the web root. This information can be used in order to launch further attacks.
The attacker can get the full path of the instalation of Joomla! browsing to any of this urls:

http://example.com/joomla-1.5.12/libraries/joomla/utilities/compat/php50x.php
http://example.com/joomla-1.5.12/libraries/joomla/client/ldap.php
http://example.com/joomla-1.5.12/libraries/joomla/html/html/content.php

The information obtained contais the full path to the files:

Parse error: syntax error, unexpected T_CLONE, expecting T_STRING in /var/www/joomla-1.5.12/libraries/joomla/utilities/compat/php50x.php
on line 100

Fatal error: Class 'JObject' not found in /var/www/joomla-1.5.12/libraries/joomla/client/ldap.php on line 21
Fatal error: Class 'JLoader' not found in /var/www/joomla-1.5.12/libraries/joomla/html/html/content.php
on line 15

Disclosure Timeline:
July 21, 2009: Discovered by Internet Security Auditors.
July 21, 2009: Vendor contacted.
July 22, 2009: Joomla! publish update. Great job.
July 24, 2009: Advisory published.

blog comments powered by Disqus

	'ProFTPD Response Pool Use-After-Free Code Execution Vulnerability'
	'Insight Control for Linux Multiple Vulnerabilities'
	'HP-UX Running NFS/ONCplus Denial of Service Vulnerability'
	'HP-UX Running BIND Denial of Service Vulnerability 2011'
	'HP-UX Running XNTP Denial of Service Vulnerability'
	'HP-UX Denial of Service Vulnerability'
	'Webkit Detached Body Element Code Execution Vulnerability'
	'Mac OS X Compact Font Format Decoder Code Execution Vulnerability'
	'WebKit WBR Tag Removal Code Execution Vulnerability'
	'Webkit Undefined DOM Prototype Attach Code Execution Vulnerability'
	'Apple HFS Information Disclosure Vulnerability'
	'XPDF arbitrary Arbitrary Code Execution Vulnerabilities'
	'Hewlett-Packard Data Protector Client EXEC_CMD omni_chk_ds.sh Code Execution Vulnerability'
	'Red Hat OpenJDK IcedTea6 ClassLoader Code Execution Vulnerability'
	'HP-UX Apache Running Tomcat Servlet Engine Remote Modification and Denial of Service Vulnerabilities'
	'Apple Webkit WholeText Integer Overflow Code Execution Vulnerability'
	'HP-UX Running OpenSSL Execution of Arbitrary Code and Denial of Service Vulnerabilities'
	'HP-UX CIFS Server execution of Arbitrary Code and Denial of Service Vulnerabilities'
	'HP-UX Running Threaded Processes Denial of Service Vulnerability'
	'HP-UX Apache-based Web Server Multiple Vulnerabilities'

Featured Articles

	'Samba 3.3.12 Memory Corruption Vulnerability'
	'KDE KGet Insecure File Operation Vulnerability'
	'KDE KGet Insecure File Operation Vulnerability'
	'KDE KGet Insecure File Operation Vulnerability'
	'Ziproxy Multiple Integer Overflow Vulnerabilities'
	'Mozilla Bugzilla Multiple Vulnerabilities'
	'Apple WebKit CSS Run-in Attribute Rendering Vulnerability'
	'Apple Webkit Blink Event Dangling Pointer Remote Code Execution Vulnerability'
	'RADactive I-Load Multiple Vulnerabilities'
	'Plume CMS Multiple SQL Injection Vulnerabilities'
	'HP-UX Running IPFilter Remote Denial of Service'
	'Oracle Enterprise Manager SQL Injection Vulnerability'
	'Oracle BEA Weblogic Linked XSS vulnerability'
	'Joomla! Multiple Full Path Disclosure Vulnerabilities'
	'ILIAS LMS Multiple Artibrary Information Disclosure'
	'HP-UX Running NFS/ONCplus DoS'
	'Sun Solaris Integer Overflow Vulnerability'
	'Asterisk Multiple Vulnerabilities'
	'MapServer Multiple Vulnerabilities'
	'File-Find-Object Format String Vulnerability'

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus - Blogs - CVEs