RST/GHC – JOOMLA CMS – ADVISORY #37
Product: Joomla
Affected version: 1.0.7
Last version: 1.0.7
Vendor: Joomla!
URL: http://www.joomla.org/
online demo: http://demo.joomla.org/
VULNERABILITY CLASS: DoS, path disclosing
[Product Description]
Joomla! is a Content Management System (CMS) created by the same award-winning
team that brought the Mambo CMS to its current state of stardom.
[Summary]
An attacker can invoke some undesirable situations for server administrator.
[Details]
Exploit:
Vulnerable script: index.php?option=com_rss&feed=filename_here&no_html=1
An attacker can write simple code to soil the server by lots of cashed files.
To disclose real path - just put slash symbol in the filename.
[DISCLOSURE TIMELINE]
09/02/06 - vendor notification
26/02/06 - new release (1.0.8) with bugfix
bugs discovered by Foster
RST/GHC
http://rst.void.ru
http://www.ghc.ru