what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Joomla DJ Classifieds Shell Upload

Joomla DJ Classifieds Shell Upload
Posted May 3, 2010
Authored by Sid3 effects

The Joomla DJ Classifieds component suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 9ce74b880f307f1c2ec7c8268a1c33b6d252ee65efc1fd7e84545cb76feb28af

Joomla DJ Classifieds Shell Upload

Change Mirror Download
# Exploit Title:Upload Vulnerability in com_djclassifieds
# Version: Web Application
# vendor :http://dj-extensions.com/
# Date: 2 apr,2010
# Dork:inurl:com_djclassifieds
# Author:Sid3^effects
# Code :


############################################################################

ooooo .oooooo. oooooo oooooo oooo
`888' d8P' `Y8b `888. `888. .8'
888 888 `888. .8888. .8'
888 888 `888 .8'`888. .8'
888 888 `888.8' `888.8'
888 `88b ooo `888' `888'
o888o `Y8bood8P' `8' `8'

--------------------------------------------------------------------------------------
#####################Sid3^effects aKa HaRi##################################
#Greetz to all Andhra Hackers and ICW Memebers[Indian Cyber Warriors]
#Thanks:*L0rd ÇrusAdêr*,d4rk-blu™®,R45C4L idi0th4ck3r,CR4C|< 008,M4n0j,MaYuR
#ShouTZ:kedar,dec0d3r,41.w4r10r
#Catch us at www.andhrahackers.com or www.teamicw.in
############################################################################

Description :
The DJ-Classifieds extension allows you to add text advertisements into thematic categories, assigning images and descriptions to them.
You can also allow users to add their own advertisements at your website with possibility to charge users for it (paypal).

Features:
free and paid classifieds
menu module
items module
search module

############################################################################

Xploit : Upload Vulnerability


STEP 1 : Register first :)

STEP 2 : Goto "Add classifieds"option.

STEP 3 : The attacker either upload a shell by changing the extension of the shell to .img,.gif or.bmp.
The description part is also vulnerable.
By uploading the evil script succesfully one can attack. :)

DEMO URL :
http://templates.design-joomla.eu/jm-classifieds/index.php

Once uploaded you can check your classifieds :P

DEMO URL:

http://templates.design-joomla.eu/jm-classifieds/index.php?option=com_djclassifieds&view=showitem&cid=6&id=29&Itemid=1


############################################################################


#Sid3^effects
Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    0 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    0 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close