CVE-2010-5286
published 2012-11-26CVE-2010-5286: Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified…
PriorityP356critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
11.38%
95.5th percentile
Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
Detection & IOCsextracted from sources · hover to see the quote
- →Look for directory traversal sequences (e.g., ./../../) combined with null byte (%00) in the 'controller' parameter of requests targeting the com_jstore Joomla component (option=com_jstore). ↗
- →HTTP GET requests to index.php with both 'option=com_jstore' and a 'controller' parameter containing path traversal sequences should be flagged as exploitation attempts. ↗
- →A successful exploitation response will contain Unix /etc/passwd file content matching the pattern 'root:.*:0:0:'; monitor HTTP 200 responses to com_jstore requests for this pattern. ↗
- ·The null byte (%00) is used to terminate the file path string, bypassing extension appending. This technique is only effective on PHP versions vulnerable to null byte injection (typically PHP < 5.3.4). ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Joomla! Component Jstore - 'Controller' Local File Inclusion
exploitdb·2010-10-13
CVE-2010-5286 Joomla! Component Jstore - 'Controller' Local File Inclusion
Joomla! Component Jstore - 'Controller' Local File Inclusion
---
source: https://www.securityfocus.com/bid/44053/info
The 'com_jstore' component for Joomla! is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
http://www.example.com/index.php?option=com_jstore&controller=./../../../../../../../../etc/passwd%00
Nuclei
Joomla! Component Jstore - 'Controller' Local File Inclusion
nuclei·CVSS 10.0
CVE-2010-5286 [CRITICAL] Joomla! Component Jstore - 'Controller' Local File Inclusion
Joomla! Component Jstore - 'Controller' Local File Inclusion
A directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
Template:
id: CVE-2010-5286
info:
name: Joomla! Component Jstore - 'Controller' Local File Inclusion
author: daffainfo
severity: critical
description: A directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
impact: |
Arbitrary file inclusion leading to remote code execution
remediation: Upgrade to the latest version to mi
2012-11-26
Published