0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

Joomla Component joomgalaxy v1.2.0.5 Remote File Upload

Author

D4NB4R

Risk

[

Security Risk Medium

]

0day-ID

Category

Date add

Platform

 Exploit Title: Joomgalaxy Remote File Upload v1.2.0.5

 dork: inurl:com_joomgalaxy
 
 Date: [21-08-2012]
 
 Author: Daniel Barragan "D4NB4R"
 
 Twitter: @D4NB4R
 
 site: http://poisonsecurity.wordpress.com/
 
 Vendor: http://www.joomgalaxy.com/
 
 Version: 1.2.0.5 (last update on Aug 21, 2012)
 
 License: Commercial $ 149 us

 Demo: http://joomgalaxy.com/demo/
  
 Tested on: [Linux(bt5)-Windows(7ultimate)]


Descripcion: 

Joomgalaxy is a rich, comprehensive directory component brimming with unique features like Entry comparison, Pay per download, Tagging, Email Cloaking, Review and Rating with Multiple Attributes, add Articles to Entries, with many more plus all standard directory features as well. 

Comentario:
 
Al igual que en la version anterior 1.2.0.4 la cual tambien le encontre vulnerabilidades hace menos de 2 meses  parece ser que solo arreglaron el upload y la sqli reportadas dejando el upload del icon sin restricciones ni validaciones

As in the previous version 1.2.0.4 which also vulnerabilities found him less than two months, it seems that only fixed the upload and sqli reported leaving the upload icon without restrictions or validations
 
 
1. Unrestricted File Upload 

    

     1a. Go to this route, Complete the form and login the site
         Ingrese a esta ruta, Complete el formulario e ingrese al sitio 
    
                http://site/index.php?option=com_users&view=registration
 
 
     1b. go to the following link and create a new post, then go to input icon and upload your shell as follows shell.php

         vaya a este enlace cree un nuevo anuncio luego vaya al input del icon y suba su shell de la de la siguiente manera shell.php

               http://site/index.php?option=com_joomgalaxy&view=addentry
 
 
     1c.  once the post is published go to the tab images and upload your shell in the following way: shell.php
          Una vez subida la shell busquela en el siguiente path


http://site//administrator/components/com_joomgalaxy/assets/images/entry_manager/1345590149_icon_shell.php
          
  
_____________________________________________________
Daniel Barragan "D4NB4R" 2012



#  0day.today [2024-11-15]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

Joomla Component joomgalaxy v1.2.0.5 Remote File Upload

Report Error

Report Error