Joomla com_breezingforms Arbitrary File Upload

2016.08.02
mr xBADGIRL21 (MR) mr
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

###################### # ____ _ ____ ____ ___ ____ _ ____ _ # __ _| __ ) / | _ / ___|_ _| _ | | |___ / | # / / _ / _ | | | | | _ | || |_) | | __) | | # > <| |_) / ___ | |_| | |_| || || _ <| |___ / __/| | # /_/_____/_/ _____/ ____|___|_| ______|_____|_| # ###################### # Exploit Title : Joomla com_breezingforms Arbitrary File Upload # Exploit Author : xBADGIRL21 # Dork : inurl:index.php?option=com_breezingforms # Software link : https://crosstec.org/en/downloads/breezingforms-for-joomla.html # Vendor Homepage : https://crosstec.org/en/ # version : 1.8.x # Tested on: [ BACK BOX ] # skype:xbadgirl21 # Date: 01/08/2016 # video Proof : https://www.youtube.com/watch?v=qat5nAQ8H80 ###################### # [+] FILE UPLOAD : ###################### ###################### # [+] DESCRIPTION : ###################### # [+] BreezingForms is the only state of the art form builder for Joomla!® that combines # [+] modern techniques with enterprise features. From great looking simple forms up to complex form applications # [+] -- almost everything is possible! # [+] and an Shell Upload has been Detected in this component ###################### # [+] PoC : ###################### # 1.- SELECT A WEBSITE FROM THE DORK ABOVE # 2.- http://localhost/joomla/ # 3.- check this Directory if you have Access to it : media/breezingforms/uploads/ # 4.- fill the fields # 5.- Upload your Shell like :shell.php.Txt or Image to Upload Field # 6.- Shell Directory : media/breezingforms/uploads/yourfile.txt or the extension uploaded # Ex : http://www.sps-training.com/media/breezingforms/uploads/a.txt ###################### # [+] Live Demo: ###################### # http://www.sps-training.com/index.php?option=com_breezingforms&view=form&Itemid=248 #http://www.alaeu.com/index.php?option=com_breezingforms&tmpl=component&Itemid=145&ff_contentid=24&ff_form=1&ff_applic=plg_facileforms&format=html&ff_frame=1&lang=en #http://www.westernerdays.ca/index.php?option=com_breezingforms&Itemid=137&ff_form=2&ff_applic=mod_facileforms&ff_module_id=134&format=html&tmpl=component&ff_frame=1 ###################### # [+] File Path : ###################### # http://www.localhost/media/breezingforms/uploads/yourfile.txt ###################### # Discovered by : xBADGIRL21 # Greetz : All Mauritanien Hackers - NoWhere ######################

References:

https://www.youtube.com/watch?v=qat5nAQ8H80


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top