Vendor: com_jejob
By: Sid3^effects aKa HaRi
CVSS: 7,5 (HIGH)
Local File Inclusion (LFI)
CWE: 98
Product Name: com_jejob
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

Joomla com_jejob LFI Vulnerability

A Local File Inclusion (LFI) vulnerability exists in com_jejob, a job component for Joomla. The vulnerable parameter is view: an attacker can manipulate it through a specially crafted URL to include a file from the web server. The vulnerable URL is http://server/jobcomponent/index.php?option=com_jejob&view=[LFI].

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to update to the latest version of the component.
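
A log check a defender could run for requests that match the URL pattern above. It is an added example, not code from the advisory or the vendor. The combined access-log format, the sample lines and the rule that a legitimate view value is a plain identifier are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: a legitimate Joomla view name is a plain identifier.
SAFE_VIEW = re.compile(r"[A-Za-z0-9_]+")
# Request line inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines, not taken from a real server.
SAMPLE_LOG = [
    '203.0.113.5 - - [26/Jun/2010:10:00:00 +0000] "GET /jobcomponent/index.php?option=com_jejob&view=category HTTP/1.1" 200 5120',
    '203.0.113.9 - - [26/Jun/2010:10:00:07 +0000] "GET /jobcomponent/index.php?option=com_jejob&view=..%2F..%2Fconstructed%2Ffile HTTP/1.1" 200 812',
    '203.0.113.9 - - [26/Jun/2010:10:00:09 +0000] "GET /jobcomponent/index.php?option=com_jejob&view=..%252F..%252Fconstructed%252Ffile HTTP/1.1" 200 812',
    '198.51.100.2 - - [26/Jun/2010:10:01:00 +0000] "GET /index.php?option=com_content&view=..%2Fx HTTP/1.1" 404 300',
]

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252F) up to `rounds` times."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_view(log_line):
    """Return the decoded view value when a com_jejob request carries a
    view that is not a plain identifier; otherwise return None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    # parse_qs percent-decodes once; fully_decode handles extra layers.
    params = parse_qs(urlsplit(match.group(1)).query)
    if "com_jejob" not in params.get("option", []):
        return None  # other components are out of scope for this rule
    for raw in params.get("view", []):
        view = fully_decode(raw)
        if not SAFE_VIEW.fullmatch(view):
            return view
    return None

def scan(lines):
    """Return (line index, decoded view) for every flagged line."""
    hits = []
    for index, line in enumerate(lines):
        view = suspicious_view(line)
        if view is not None:
            hits.append((index, view))
    return hits
```

Access logs normally record only the query string, so a view value sent in a POST body would not be seen by this check.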
Source

Exploit-DB raw data:

Name : Joomla com_jejob LFI Vulnerability
Date : june, 26 2010
Critical Level     : HIGH
Vendor Url : http://joomlaextensions.co.in/jobcomponent/
Google Dork: inurl:com_jejob
Price:$25.00
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz
#######################################################################################################
Description:
User can search the job by Location or by Job Title or by Experience. User can also see the job category at the front page. Category wise jobs are displayed in it. Click on the particular category it will display that category jobs. If user wants to apply for that job then click on that job then it will display the job full description. Only registered user can apply for the job.
If new user register then he will get the mail from administrator. Account detail for that user will be sent in that mail. If user has applied the job then each time administrator and job company gets the mail from that user.
Admin can set the design of the job category page, job page and Job description page from the three different type of editor which will be given in the Configuration Management. Default design will be given in the editors. Admin can make that own design for that pages.
There are three different managers in the admin side.
1. Category Management
2. Job Management
3. Fields Management
4. Form Layout
5. User Job
6. Configuration

#######################################################################################################
Xploit:com_jejob LFI Vulnerability


DEMO URL : http://server/jobcomponent/index.php?option=com_jejob&view=[LFI]

######################################################################