[VIM] Joomla Component com_intuit LFI Vulnerability

George A. Theall theall at tenablesecurity.com
Tue Dec 29 01:44:32 UTC 2009


I just looked at the supposed local file include vulnerability in the  
Intuit Payment Gateway Component for Joomla, covered by Exploit-DB  
10730 / Bugtraq 37494. The code snippet doesn't even _look_ like a  
local file include attack:

***************************************************************************************************************
[++] ERR0R CODE:
if ($response["approval"] != "")
   {
    //print_r($intuit_fields['succ_msg2']['g_value']);
****************************************************************************************************************

Exploit DB helpfully includes a link to download the vulnerable app.  
If you look at it, one of the things you'll probably notice is that  
the first line of executable code in the affected file is:

   defined( '_JEXEC' ) or die( 'Restricted access' );

meaning if you try the PoC in the advisory -- and replace "component"  
with "components" -- you'll see "Restricted access" as the script  
fails right at the start.

Another thing you'll likely notice is that the supposedly affected  
code snippet lies in a class definition and indeed the entire file  
consists of the class definition so the PoC can't be used to access  
the supposedly vulnerable code even if the initial check for _JEXEC  
wasn't there.


George
-- 
theall at tenablesecurity.com
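
The two checks described in the message above (is the first executable statement the `_JEXEC` guard, and does the file contain anything besides a class definition), written as a small triage script. This is an added example, not part of the original post and not the component's code; it is regex-based rather than a PHP parser, and the sample file, class name and method name are constructed for illustration.

```python
import re
# Strings are matched first so "//" inside a quoted URL is not read as a comment.
_STR_OR_COMMENT = re.compile(r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")|/\*.*?\*/|//[^\n]*|#[^\n]*""", re.S)
_GUARD = re.compile(r"""defined\s*\(\s*['"]_JEXEC['"]\s*\)\s*(?:or|\|\|)\s*(?:die|exit)\b""", re.I)
_DYN_INCLUDE = re.compile(r"\b(?:include|require)(?:_once)?\b[^;]*\$", re.I)
_CLASS_HEAD = re.compile(r"(?:(?:abstract|final)\s+)?class\s+\w+[\w\s\\,]*", re.I)

def triage(src):
    """Heuristic (regex, not a PHP parser) triage of one file named in an LFI report."""
    code = _STR_OR_COMMENT.sub(lambda m: m.group(1) or "", src)  # drop comments
    code = re.sub(r"^\s*<\?php", "", code)
    first_stmt, _, rest = code.partition(";")
    guarded = bool(_GUARD.search(first_stmt))
    body = _STR_OR_COMMENT.sub("''", rest if guarded else code)  # blank string literals
    # Walk brace depth: each top-level block must follow a class header, nothing else outside.
    depth, head, only_classes = 0, "", True
    for ch in body:
        if ch == "{":
            if depth == 0:
                only_classes &= bool(_CLASS_HEAD.fullmatch(head.strip()))
                head = ""
            depth += 1
        elif ch == "}":
            depth -= 1
        elif depth == 0:
            head += ch
    only_classes &= head.strip() in ("", "?>")
    return {
        "direct_access_guard": guarded,
        "only_class_definitions": only_classes,
        "dynamic_include": bool(_DYN_INCLUDE.search(code)),
        # A direct HTTP request runs no component logic if either check holds.
        "directly_reachable": not (guarded or only_classes),
    }

# Constructed sample shaped like the file the post describes; the class and
# method names are hypothetical, the inner lines follow the advisory's snippet.
SAMPLE = """<?php
defined( '_JEXEC' ) or die( 'Restricted access' );
class ExamplePaymentPlugin {
    function onResponse($response, $intuit_fields) {
        if ($response["approval"] != "") {
            //print_r($intuit_fields['succ_msg2']['g_value']);
        }
    }
}
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A report whose target file comes back with `directly_reachable` false and `dynamic_include` false needs a different entry point and a different sink before it can be treated as a file include.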




