######################
# Exploit Title : Joomla com_aicontactsafe Arbitrary File Upload / SQL injection Vulnerability
# Exploit Author : xBADGIRL21
# Dork : inurl:index.php?option=com_aicontactsafe
# Software link : http://www.algisinfo.com/en/download/category/1-free-extensions.html
# Vendor Homepage : http://www.algisinfo.com/
# version : 2.0.20
# Tested on: [ Windows]
# skype:xbadgirl21
# Date: 2016/07/18
# video Proof : https://youtu.be/PdDmThHGVz8
######################
# [+] FILE UPLOAD :
######################
######################
# [+] DESCRIPTION :
######################
# [+] aiContactSafe is An AJAX driven component to place a contact form anywhere on your web page
# [+] with any number of custom fields of different types, including attachments.
# [+] and an Shell Upload and SQLi has been Detected in this component
######################
# [+] PoC :
######################
# 1.- SELECT A WEBSITE FROM THE DORK ABOVE
# 2.- http://localhost/site/index.php?option=com_aicontactsafe
# 3.- check this Directory if you have Access to it : media/aicontactsafe/attachments
# 4.- Just Upload your Shell or Txt or Image to Upload Field
# 5.- Shell Directory : media/aicontactsafe/attachments/[RANDOME_NUM]Evi!l.php or the extension uploaded
# Ex : http://malmoskyttegille.se/media/aicontactsafe/attachments/x_415.txt
######################
# [+] Live Demo:
######################
# http://malmoskyttegille.se/index.php?option=com_aicontactsafe
######################
# [+] SQL injection:
######################
# PoC :
# http://www.site.com/index.php?option=com_aicontactsafe&field=1
# AdminPanel :
# http://www.site.com/administrator
######################
# [+] Live Demo:
######################
# http://www.esbrasil.net/portal/index.php?option=com_aicontactsafe&field=1
# http://www.rustyspic-a-part.com/index.php?option=com_aicontactsafe&field=1
######################
# Discovered by : xBADGIRL21
# Greetz : All Mauritanien Hackers - NoWhere
######################