The Joomla OS Property component suffers from a remote shell upload vulnerability.
2319911a51d2f907dbdd7a4d6226212e3052f622977a3c72772152ecace5dd11_______________________________________________________________________________________
Exploit Title: Joomla com_osproperty Unrestricted File Upload
Google Dork: com_osproperty
Date: [13-07-2012]
Author: Daniel Barragan "D4NB4R"
Twitter: @D4NB4R
site: http://www.insecurityperu.org/ & http://poisonsecurity.wordpress.com/
Vendor: Ossolution Team http://extensions.joomla.org/
Version: 2.0.2 (last update on Jul 12, 2012)
License: Commercial $ 28.86us
Tested on: [Linux(arch)-Windows(7ultimate)]
1. Go to this route
Ingrese a esta ruta
http://site/component/osproperty/?task=agent_register
2. Complete the form, raising the shell.php instead of your photo
Complete el formulario, subiendo la shell.php en lugar de su foto
3. Locate your file in the root /osproperty/agent/
Busque su archivo en la raiz /osproperty/agent/
http://site/images/osproperty/agent/randomid_yourshell.php
Demo: http://www.2habitat.com/
Help: This path can help you find your web shell in case you need it
Este path le puede ayudar a encontrar su web shell en caso q lo necesite
component/osproperty/?task=agent_default
Im not responsible for which is given
No me hago responsable del uso que se le de
_______________________________________________________________________________________
Daniel Barragan "D4NB4R" 2012
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed