Joomla OS Property Shell Upload

`_______________________________________________________________________________________  
  
Exploit Title: Joomla com_osproperty Unrestricted File Upload   
  
Google Dork: com_osproperty  
  
Date: [13-07-2012]  
  
Author: Daniel Barragan "D4NB4R"  
  
Twitter: @D4NB4R  
  
site: http://www.insecurityperu.org/ & http://poisonsecurity.wordpress.com/  
  
Vendor: Ossolution Team http://extensions.joomla.org/  
  
Version: 2.0.2 (last update on Jul 12, 2012)  
  
License: Commercial $ 28.86us  
  
Tested on: [Linux(arch)-Windows(7ultimate)]  
  
  
1. Go to this route  
Ingrese a esta ruta  
  
http://site/component/osproperty/?task=agent_register  
  
  
2. Complete the form, raising the shell.php instead of your photo  
Complete el formulario, subiendo la shell.php en lugar de su foto  
  
  
3. Locate your file in the root /osproperty/agent/   
Busque su archivo en la raiz /osproperty/agent/   
  
http://site/images/osproperty/agent/randomid_yourshell.php  
  
  
Demo: http://www.2habitat.com/  
  
Help: This path can help you find your web shell in case you need it  
Este path le puede ayudar a encontrar su web shell en caso q lo necesite  
  
component/osproperty/?task=agent_default  
  
  
Im not responsible for which is given  
No me hago responsable del uso que se le de  
_______________________________________________________________________________________  
Daniel Barragan "D4NB4R" 2012  
`