Joomla! Simple File Lister Module "sflDir" Directory Traversal Vulnerability

SECUNIA ADVISORY ID:
SA45792

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45792/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45792

RELEASE DATE:
2011-08-29
DESCRIPTION:
A vulnerability has been discovered in the Simple File Lister module
for Joomla!, which can be exploited by malicious people to disclose
system information.

Input passed via the "sflDir" parameter to index.php (when "option"
is set to "com_content", "view" is set to "article", and "id" is set)
is not properly verified in
modules/mod_simplefilelisterv1.0/helper.php before being used to list
files. This can be exploited to disclose the contents of arbitrary
directories via directory traversal attacks.

The vulnerability is confirmed in version 1.0. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY:
evilsocket

ORIGINAL ADVISORY:
http://www.exploit-db.com/exploits/17736/