Saturday, 31 August 2013

# Exploit Title: [Joomla Com_performs component arbitary file upload]
# Google Dork: inurl:index.php?option=com_performs upload cv
# Date: [2012-09-27]
# Exploit Author: [Mormoroth]
# Vendor Homepage: []
# Version: [2.4 and prior]
# Tested on: [Linux/Windows]
Attacker can upload files with uploader form
uploaded files go to /joomlaPath/media/uploads
this form builder rename uploaded file with simple combinition between date and time
for example if you upload file it will renamed to >> 2012-09-28-20-05-Unknown-file.txt
[2012-09-28] its current date and [20-05] is time of uploading file (Hour/Minute) And [Unknown] never change,after them your file name
by simple brute force you can find upload time which is hard part of guessing your exact uploaded file
From Iran
# 619EDDF21B6569C0 [2013-09-01]   7FA32A6DFA150769 #

1 comment:

  1. This is wonderful post and it provide the lots of medical information. Thanks for admission in BDS