Joomla GMapFP J3.5 / J3.5F Arbitrary File Upload

2020.09.08
Credit: thelastvvv
Risk: High
Local: No
Remote: Yes
CWE: CWE-264

# Exploit Title: Joomla! Component GMapFP J3.5/J3.5F - Unauthenticated Arbitrary File Upload # Google Dork: inurl:''com_gmapfp'' # Date: 2020-03-27 # Exploit Author: ThelastVvV # Vendor Homepage:https://gmapfp.org/ # Version:Version J3.5 /J3.5free # Tested on: Ubuntu # CVE:CVE-2020-23972 # Description: An attacker can access the upload function of the application without authenticating to the application and also can upload files due the issues of unrestricted file uploads which can be bypassed by changing the content-type and name file too double extensions # PoC: Version J3.5 /J3.5free http://127.0.0.1/index.php?option=com_gmapfp&controller=editlieux&tmpl=component&task=edit_upload -Once the attacker can locate the unauthenticated file upload form then the attacker can bypass the restriction by changing content-type and name file double extensions file.html.gif then can open file.html # Impact the attacker can upload malicious files can cause defacement of the site or uploading large amount of file til causes denial of service attack to Webapp/Server # Dir File Path: http://127.0.0.1///images/stories/gmapfp/test.html.gif http://127.0.0.1///images/stories/gmapfp/test.html http://127.0.0.1///images/gmapfp/test2.html.gif http://127.0.0.1///images/gmapfp/test2.html.gif # Issues are fixed,Please update to Last Version


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top