# Exploit Title: [Joomla Com_performs component arbitrary file upload]
# Google Dork: inurl:index.php?option=com_performs upload cv
# Date : [2012-09-27]
# Exploit Author: [Mormoroth]
# Vendor Homepage: [http://www.performs.org.au/]
# Version: [2.4 and prior]
# Tested on: [Linux/Windows]
------------
An attacker can upload files with the uploader form. Uploaded files go to /joomlaPath/media/uploads.
This form builder renames each uploaded file with a simple combination of date and time. For example, if you upload a file it will be renamed to >>
2012-09-28-20-05-Unknown-file.txt
[2012-09-28] is the current date and [20-05] is the time of uploading the file (Hour/Minute), and [Unknown] never changes. After them comes your file name.
By simple brute force you can find the upload time, which is the hard part of guessing your exact uploaded file.
------------
From Iran
Saturday, 31 August 2013
Joomla Component com_performs component arbitrary file upload
Posted on 21:20 by Eagle Eye
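For defenders, the predictable naming scheme described in the advisory above leaves a recognizable trace in web server logs. The following is an added example, not part of the original advisory or the component's code: it scans access-log lines for clients that request many different timestamps under /media/uploads, and for script-like uploads that the server actually served. The combined log format, the extension list, the threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Name layout described in the advisory: YYYY-MM-DD-HH-MM-Unknown-<original name>
UPLOAD_RE = re.compile(r"/media/uploads/(\d{4}-\d{2}-\d{2}-\d{2}-\d{2})-Unknown-([^\s?]+)")
# Fields needed from a combined-format access log line: client, request path, status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3})')
# Assumption: extensions the web server might execute; adjust to the local handler config
SCRIPT_EXT = (".php", ".phtml", ".php5", ".pl", ".cgi", ".asp", ".aspx", ".jsp")


def analyze(lines, guess_threshold=5):
    """Return (clients probing upload timestamps, script-like uploads that were served)."""
    stamps_404 = defaultdict(set)   # client -> distinct timestamps that returned 404
    served_scripts = []             # (client, path) for 2xx hits on script-like uploads
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        client, path, status = m.group(1), m.group(2), int(m.group(3))
        u = UPLOAD_RE.search(path)
        if not u:
            continue
        stamp, name = u.group(1), u.group(2).lower()
        if status == 404:
            stamps_404[client].add(stamp)
        elif 200 <= status < 300 and name.endswith(SCRIPT_EXT):
            served_scripts.append((client, path))
    probing = {c: len(s) for c, s in stamps_404.items() if len(s) >= guess_threshold}
    return probing, served_scripts


# Constructed sample log lines (documentation IP ranges, not real traffic)
SAMPLE_LOG = [
    f'198.51.100.7 - - [28/Sep/2012:20:10:{i:02d} +0000] '
    f'"GET /media/uploads/2012-09-28-20-{i:02d}-Unknown-file.php HTTP/1.1" 404 209'
    for i in range(5)
] + [
    '198.51.100.7 - - [28/Sep/2012:20:10:06 +0000] '
    '"GET /media/uploads/2012-09-28-20-05-Unknown-file.php HTTP/1.1" 200 12',
    '203.0.113.9 - - [28/Sep/2012:21:00:00 +0000] '
    '"GET /media/uploads/2012-09-28-20-05-Unknown-file.txt HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    probing, served = analyze(SAMPLE_LOG)
    print("clients guessing upload timestamps:", probing)
    print("script-like uploads served:", served)
```

Any hit in the second result means an uploaded file with an executable extension was reachable over HTTP, which is the condition to remove by storing uploads outside the web root or disabling script handlers for the uploads directory.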