Joomla BreezingForms 1.8.x Arbitrary File Upload

2016-08-02T00:00:00
ID PACKETSTORM:138153
Type packetstorm
Reporter xBADGIRL21
Modified 2016-08-02T00:00:00

Description

                                        
                                            `######################  
# ____ _ ____ ____ ___ ____ _ ____ _  
# __ _| __ ) / \ | _ \ / ___|_ _| _ \| | |___ \/ |  
# \ \/ / _ \ / _ \ | | | | | _ | || |_) | | __) | |  
# > <| |_) / ___ \| |_| | |_| || || _ <| |___ / __/| |  
# /_/\_\____/_/ \_\____/ \____|___|_| \_\_____|_____|_|  
#  
######################  
# Exploit Title : Joomla com_breezingforms Arbitrary File Upload  
# Exploit Author : xBADGIRL21  
# Dork : inurl:index.php?option=com_breezingforms  
# Software link :  
https://crosstec.org/en/downloads/breezingforms-for-joomla.html  
# Vendor Homepage : https://crosstec.org/en/  
# version : 1.8.x  
# Tested on: [ BACK BOX ]  
# skype:xbadgirl21  
# Date: 01/08/2016  
# video Proof : https://www.youtube.com/watch?v=qat5nAQ8H80  
######################  
# [+] FILE UPLOAD :  
######################  
######################  
# [+] DESCRIPTION :  
######################  
# [+] BreezingForms is the only state of the art form builder for Joomla!A(r)  
that combines  
# [+] modern techniques with enterprise features. From great looking simple  
forms up to complex form applications  
# [+] -- almost everything is possible!  
# [+] and an Shell Upload has been Detected in this component  
######################  
# [+] PoC :  
######################  
# 1.- SELECT A WEBSITE FROM THE DORK ABOVE  
# 2.- http://localhost/joomla/  
# 3.- check this Directory if you have Access to it :  
media/breezingforms/uploads/  
# 4.- fill the fields  
# 5.- Upload your Shell like :shell.php.Txt or Image to Upload Field  
# 6.- Shell Directory : media/breezingforms/uploads/yourfile.txt or the  
extension uploaded  
# Ex : http://www.sps-training.com/media/breezingforms/uploads/a.txt  
######################  
# [+] Live Demo:  
######################  
#  
http://www.sps-training.com/index.php?option=com_breezingforms&view=form&Itemid=248  
#  
http://www.alaeu.com/index.php?option=com_breezingforms&tmpl=component&Itemid=145&ff_contentid=24&ff_form=1&ff_applic=plg_facileforms&format=html&ff_frame=1&lang=en  
#  
http://www.westernerdays.ca/index.php?option=com_breezingforms&Itemid=137&ff_form=2&ff_applic=mod_facileforms&ff_module_id=134&format=html&tmpl=component&ff_frame=1  
######################  
# [+] File Path :  
######################  
# http://www.localhost/media/breezingforms/uploads/yourfile.txt  
######################  
# Discovered by : xBADGIRL21  
# Greetz : All Mauritanien Hackers - NoWhere  
######################  
`