JomSocial 1.8.8 - Arbitrary File Upload

EDB-ID:

15164

CVE:


EDB Verified:

Author:

Jeff Channell

Type:

webapps

Exploit:   /  

Platform:

PHP

Date:

2010-09-30

Vulnerable App: 
There is a file upload vulnerability in version 1.8.8 and earlier of 
JomSocial, the popular community extension for Joomla!.

Successful exploitation of this exploit requires the site to be 
configured to allow users to upload video files directly, which is 
disabled by default. If this feature is enabled, any file uploaded via 
the "add video" upload form will end up in 
http://[victim]/images/originalvideos/[your account's user id]/[unique 
file name]. This folder is not protected with an index, so if indexes 
are allowed retrieving the shell's filename is trivial.

Listed on the JomSocial Changelog as "BUG: 4495" 
<http://www.jomsocial.com/docs/Change_Log#Version_1.8.9>

Timeline

     * Vulnerabilities Discovered: 26 September 2010
     * Vendor Notified: 27 September 2010
     * Vendor Response: 27 September 2010
     * Update Available: 28 September 2010
     * Disclosure: 30 September 2010

http://jeffchannell.com/Joomla/jomsocial-188-shell-upload-vulnerability.html
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services