Joomla Component com_performs component arbitary file upload

# Exploit Title: [Joomla Com_performs component arbitary file upload] # Google Dork: inurl:index.php?option=com_performs upload cv # Date: [2012-09-27] # Exploit Author: [Mormoroth] # Vendor Homepage: [http://www.performs.org.au/] # Version: [2.4 and prior] # Tested on: [Linux/Windows] ------------ Attacker can upload files with uploader form   uploaded files go to /joomlaPath/media/uploads   this form builder rename uploaded file with simple combinition between date and time   for example if you upload file it will renamed to >> 2012-09-28-20-05-Unknown-file.txt   [2012-09-28] its current date and [20-05] is time of uploading file (Hour/Minute) And [Unknown] never change,after them your file name   by simple brute force you can find upload time which is hard part of guessing your exact uploaded file ------------   From Iran   # 619EDDF21B6569C0   1337day.com [2013-09-01]   7FA32A6DFA150769 #