Joomla Component com_mysms Upload Vulnerability

2010-07-10T00:00:00
ID 1337DAY-ID-13263
Type zdt
Reporter Sid3^effects
Modified 2010-07-10T00:00:00

Description

Exploit for php platform in category web applications

                                        
===============================================
Joomla Component com_mysms Upload Vulnerability
===============================================


I'm Sid3^effects member from Inj3ct0r Team

Name : Joomla com_mysms Upload Vulnerability
Date : July 10, 2010
Critical Level : HIGH
Vendor URL : http://www.joomlaconsultant.de/
Author : Sid3^effects aKa HaRi
Special thanks to : r0073r (inj3ct0r.com), L0rd CruSad3r, MaYur, MA1201, KeDar, Sonic, gunslinger_
Greetz to : www.topsecure.net, All ICW members and my friends :) luv y0 guyz
#######################################################################################################
Description
MySMS stands for "Simple sms component" for Joomla. The MySMS component is now available for Joomla 1.0.x (com_mysms-0.9.4.zip) and for the Joomla 1.5.x series (use com_mysms-1.5.10.zip).

This component supports the following SMS gateway providers today: w2sms, teleword, smskaufen, smscreator, sms77, sms4credits, mobilant, mesmo, clickatell, aspsms, nohnoh, mexado, innosend, suresms, compaya and hardwired, mobilenl, sloono, smsat and wannfind, agiletelecom, smsviainternet, infobip, at&t, smscom, coolsms, smsglobal, aruhat, massenversand, smstrade.
#######################################################################################################
Xploit: Upload Vulnerability

Step 1: Register first :D

Step 2: Go to your profile "Mysms" option

Step 3: The attacker can upload a shell in the "Import phonebook" option; it doesn't validate any file format, so upload your shell
Demo URL : http://mysms-demo.willcodejoomlaforfood.de/?option=com_mysms&Itemid=0&task=phonebook

Step 4: your shell is uploaded and now you do ur job ;)
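
The root cause in the steps above is that "Import phonebook" accepts any file format. The following added example (not code from MySMS or from this advisory) shows an import handler that parses the upload in place and never stores the client's file. The CSV "name,number" layout, the `phonebook` field name and the size and row limits are assumptions.

```php
<?php
// Added example (not MySMS code): import a phonebook upload without ever
// saving the client's file. Assumed format: CSV rows of "name,number".

const MAX_BYTES = 262144;   // assumed upload size limit
const MAX_ROWS  = 5000;     // assumed row limit

/** Return validated [name, number] rows, or throw if the file is not a plain CSV phonebook. */
function parse_phonebook(string $path, string $clientName, int $size): array
{
    // Allowlist the extension; the client-supplied name is used for nothing else.
    if (strtolower(pathinfo($clientName, PATHINFO_EXTENSION)) !== 'csv') {
        throw new RuntimeException('only .csv phonebooks are accepted');
    }
    if ($size <= 0 || $size > MAX_BYTES) {
        throw new RuntimeException('file is empty or too large');
    }
    $fh = fopen($path, 'rb');
    if ($fh === false) {
        throw new RuntimeException('cannot read upload');
    }
    $rows = [];
    try {
        while (($row = fgetcsv($fh, 1024, ',', '"', '\\')) !== false) {
            if ($row === [null]) { continue; }           // blank line
            if (count($row) !== 2 || count($rows) >= MAX_ROWS) {
                throw new RuntimeException('unexpected layout or too many rows');
            }
            [$name, $number] = array_map('trim', $row);
            // Names: text without markup or control bytes; numbers: digits only.
            if (!preg_match('/^[^<>\x00-\x1F]{1,64}$/u', $name)
                || !preg_match('/^\+?[0-9]{6,15}$/', $number)) {
                throw new RuntimeException('invalid phonebook entry');
            }
            $rows[] = [$name, $number];
        }
    } finally {
        fclose($fh);
    }
    return $rows;
}

// Handler sketch: the form field name "phonebook" is hypothetical.
$f = $_FILES['phonebook'] ?? null;
if ($f && $f['error'] === UPLOAD_ERR_OK && is_uploaded_file($f['tmp_name'])) {
    $entries = parse_phonebook($f['tmp_name'], $f['name'], (int) $f['size']);
    // Insert $entries with prepared statements; PHP discards the temp file.
}
```

Because only the parsed rows are kept, nothing the client uploads is ever written to a path the web server could execute.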

#######################################################################################################
# 0day no more
# Sid3^effects 



#  0day.today [2018-01-04]  #