Joomla Cartikads Shell Upload

2010-01-04T00:00:00
ID PACKETSTORM:84753
Type packetstorm
Reporter kaMtiEz
Modified 2010-01-04T00:00:00

Description

                                        
                                            `###################################################################################  
#  
[~] Joomla components com_cartikads Remote File Upload vulnerability #  
[~] Author : kaMtiEz (kamzcrew@yahoo.com) #  
[~] Homepage : http://www.indonesiancoder.com #  
[~] Date : January 02, 2009 #  
#  
###################################################################################  
  
[ Software Information ]  
  
[+] Vendor : http://www.cartikahosting.com  
[+] Download : -  
[+] version : 1.0  
[+] Vulnerability : SQL injection  
[+] Dork : "Think iT"  
[+] Price : dunno   
[+] Location : INDONESIA - JOGJA  
[+] description : Cartikads is a Mambo Open Source ads management component.  
  
##################################################################################  
  
  
[ HERE WE GO .. LIVE FROM JOGJA CITY ]  
  
[ Vulnerable File ]  
  
http://server/[kaMtiEz]/components/com_cartikads/uploadimage.php  
  
[ NOTE ]  
  
Upload a file with a double extension, e.g. shell.php.jpg  
  
Your shell will then be at:  
  
http://server/[kaMtiEz]/images/stories/shell.php.jpg  
  
http://server/[kaMtiEz]/images/banners/shell.php.jpg  
  
  
===========================================================================  
  
[ Thx TO ]  
[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink  
[+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry ..  
[+] Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah  
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk  
  
[ NOTE ]  
  
[+] My mom and dad .. and not forgetting my little sibling ..  
[+] tukulesto : where did u go ??  
[+] Listen to the radio, okay, at http://antisecradio.fm :D  
  
[ QUOTE ]  
  
[+] rm -rf  
  
[ EOF ]  
  
[+] INDONESIANOCODER TEAM  
[+] KILL -9 TEAM   
  
`
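
Added example, not part of the original advisory or the component's code: a Python check that a site owner can run over the two upload directories named above. It flags files with a script extension anywhere in the name, image-named files whose content is not an image, and files containing a PHP open tag. The extension lists and the webroot argument are assumptions.

```python
import os
import sys

# Upload destinations named in the advisory, relative to the Joomla webroot.
UPLOAD_DIRS = ("images/stories", "images/banners")
# Extensions assumed to be mapped to the PHP handler; adjust to the server's config.
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar"}
IMAGE_EXTS = {"jpg", "jpeg", "png", "gif"}
# Leading magic bytes for JPEG, PNG and GIF.
IMAGE_MAGIC = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"GIF87a", b"GIF89a")


def classify(path):
    """Return the reasons (possibly none) a file in an upload directory is suspicious."""
    reasons = []
    # Check every dot-separated segment, not just the last: Apache's mod_mime can
    # choose a handler from any of them, so "x.php.jpg" may be executed as PHP.
    segments = os.path.basename(path).lower().split(".")[1:]
    if any(seg in SCRIPT_EXTS for seg in segments):
        reasons.append("script extension in file name")
    with open(path, "rb") as fh:
        data = fh.read()
    if segments and segments[-1] in IMAGE_EXTS and not data.startswith(IMAGE_MAGIC):
        reasons.append("image extension but content is not a JPEG/PNG/GIF")
    if b"<?php" in data.lower():
        reasons.append("PHP open tag in content")
    return reasons


def scan_webroot(webroot):
    """Walk the advisory's upload directories; return {relative path: reasons}."""
    findings = {}
    for rel in UPLOAD_DIRS:
        for dirpath, _dirs, files in os.walk(os.path.join(webroot, rel)):
            for name in files:
                full = os.path.join(dirpath, name)
                reasons = classify(full)
                if reasons:
                    rel_path = os.path.relpath(full, webroot).replace(os.sep, "/")
                    findings[rel_path] = reasons
    return findings


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for found_path, why in sorted(scan_webroot(root).items()):
        print(f"{found_path}: {'; '.join(why)}")
```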