Joomla SmartFormer 2.4.1 Shell Upload

2016-06-30T00:00:00
ID PACKETSTORM:137730
Type packetstorm
Reporter indoushka
Modified 2016-06-30T00:00:00

Description

                                        
`========================================================================  
| # Title : Joomla com_smartformer Upload vulnerability  
| # Author : indoushka  
| # email : indoushka4ever@gmail.com  
| # Tested on: windows 8.1 Français V.(Pro)  
| # Vendor : http://joomla4ever.org/extensions/smart-former  
========================================================================  
* @package SmartFormer  
* @version 2.4.1 (J1.5 security fix)  
* @author The SmartFormer project (http://www.itoris.com/joomla-form-builder-smartformer.html)  
* @copyright IToris Co. 2006-2010  
* @license GNU GPL  
*  
  
  
Dork : inurl:"index.php?option=com_smartformer"  
  
path Ev!l : /components/com_smartformer/files/  
  
poc:  
  
1 - choose a site and open it  
  
2 - Upload shell.php  
  
3 - Go to :/components/com_smartformer/files/shell.php  
  
Greetz :   
jericho http://attrition.org & http://www.osvdb.org/ * http://packetstormsecurity.com * Larry W. Cashdollar*  
Hussin-X *D4NB4R * ViRuS_Ra3cH * yasMouh * https://www.corelan.be *  
---------------------------------------------------------------------------------------------------------------  
`
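Added example, not part of the original advisory: a Python check a defender can run over web server access logs to flag requests for script files under the upload path named above. The Combined Log Format, the extension list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Upload directory named in the advisory.
UPLOAD_DIR = "/components/com_smartformer/files/"
# Extensions often mapped to the PHP handler (assumed list; match your server config).
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar|pht)(\.|/|$)", re.IGNORECASE)
# Combined Log Format prefix: ip ident user [time] "METHOD target PROTO" status
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [30/Jun/2016:10:01:02 +0000] "GET /index.php?option=com_smartformer HTTP/1.1" 200 5120',
    '203.0.113.7 - - [30/Jun/2016:10:02:10 +0000] "GET /components/com_smartformer/files/shell.php HTTP/1.1" 200 312',
    '198.51.100.9 - - [30/Jun/2016:10:05:00 +0000] "GET /components/com_smartformer/files/cv.pdf HTTP/1.1" 200 88211',
    '198.51.100.9 - - [30/Jun/2016:10:06:00 +0000] "GET /components//com_smartformer/files/a%2EpHp5?x=1 HTTP/1.1" 404 210',
]


def script_hits(lines):
    """Return (ip, timestamp, path, status) for requests to script files in the upload dir."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        # Normalise before matching: drop the query, decode %XX, collapse '//'.
        path = unquote(urlsplit(m["target"]).path)
        path = re.sub(r"/{2,}", "/", path)
        idx = path.lower().find(UPLOAD_DIR)
        if idx == -1:
            continue
        name = path[idx + len(UPLOAD_DIR):]
        # Also catches double extensions (x.php.jpg) and path-info (x.php/y).
        if SCRIPT_EXT.search(name):
            hits.append((m["ip"], m["ts"], path, int(m["status"])))
    return hits


if __name__ == "__main__":
    for ip, ts, path, status in script_hits(SAMPLE):
        # 200 means the file exists and was served or executed; 404 is a probe.
        print(f"{ts} {ip} {status} {path}")
```

A 200 response on a flagged path is the case to triage first: inspect the file on disk and check whether the web server is configured to execute scripts from that directory.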