Joomla JFUploader Shell Upload

2010-11-01T00:00:00
ID PACKETSTORM:95336
Type packetstorm
Reporter Setr0nix
Modified 2010-11-01T00:00:00

Description

`=========================================================================================================  
[#] Type : Joomla Component com_jfuploader Remote File Upload  
[#] Author : Setr0nix  
[#] Home : www.Setr0nix.com  
[#] Contact : Admin@Setr0nix.com  
=========================================================================================================  
  
[#] Exploit :  
1. Register  
2. http://127.0.0.1/index.php?option=com_jfuploader&Itemid=[Itemid]  
3. Download One gif Image ( Example : http://www.google.com/images/logo.gif )  
4. Open logo.gif In Notepad++ And Go To Last Line  
5. Copy And Paste Your PHP Code After The Last Line ( Don't Delete Anything Of Image Code )  
6. Save It , Ctrl + S  
7. Rename logo.gif To logo.php.gif And Upload It From com_jfuploader  
8. To Run Your Uploaded File Go To This Link : http://127.0.0.1/files/YourUsername/logo.php.gif  
  
=========================================================================================================  
[#] S T T :  
All Iranian Hackers , Offensive Security , Inj3ct0r , SecurityReason  
=========================================================================================================  
  
`
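
A server-side check for the two traits the upload above relies on, a `.php` segment inside the filename and bytes appended after the image data, as an added example (not code from the advisory or from com_jfuploader). `EXECUTABLE_EXTS`, `inspect_upload` and the sample bytes are assumptions made for illustration.

```python
# Assumption: extensions the web server may hand to an interpreter; adjust per deployment.
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar", "pht"}

def _skip_sub_blocks(data, pos):  # length byte plus payload, ended by a zero length
    while data[pos] != 0:
        pos += 1 + data[pos]
    return pos + 1

def _table_size(flags):  # bytes in a colour table announced by a packed-flags byte
    return 3 * 2 ** ((flags & 7) + 1) if flags & 0x80 else 0

def gif_trailing_bytes(data):
    """Return whatever follows the GIF trailer (0x3B); ValueError if the GIF is malformed."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    try:
        pos = 13 + _table_size(data[10])           # header + logical screen descriptor
        while data[pos] != 0x3B:
            if data[pos] == 0x21:                   # extension: introducer, label, sub-blocks
                pos = _skip_sub_blocks(data, pos + 2)
            elif data[pos] == 0x2C:                 # image descriptor, table, LZW size byte
                pos += 10 + _table_size(data[pos + 9])
                pos = _skip_sub_blocks(data, pos + 1)
            else:
                raise ValueError("unknown block")
        return data[pos + 1:]
    except IndexError:
        raise ValueError("truncated GIF") from None

def inspect_upload(filename, data):
    """Reasons to reject an upload; an empty list means every check passed."""
    parts = filename.lower().split(".")
    reasons = [] if len(parts) > 1 and parts[-1] == "gif" else ["final extension not allowed"]
    # Check every dot-separated segment: logo.php.gif still ends in .gif.
    if any(p in EXECUTABLE_EXTS for p in parts[1:]):
        reasons.append("executable extension inside name")
    try:
        if gif_trailing_bytes(data):
            reasons.append("data appended after GIF trailer")
    except ValueError as exc:
        reasons.append(f"invalid GIF: {exc}")
    if b"<?php" in data.lower():
        reasons.append("PHP open tag in content")
    return reasons

# Constructed samples: a minimal 1x1 GIF, and the same bytes with an inert marker appended.
CLEAN_GIF = b"GIF89a" + bytes.fromhex(
    "01000100800000" "000000ffffff" "2c000000000100010000" "0202440100" "3b")
TAMPERED_GIF = CLEAN_GIF + b"\n<?php /* constructed placeholder */ ?>"
```

Storing accepted files under a server-generated name, rather than the uploader's, removes the dependence on the submitted filename altogether.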