Joomla! Component jDownloads 1.0 - Arbitrary File Upload

EDB-ID:

17303

CVE:

N/A




Platform:

PHP

Date:

2011-05-18


____________________________________________________________________
____________________________________________________________________


-=-=-=-{In The Name Of Allah The Mercifull}-=-=-=-=-

[~] Exploit Title: [jDownloads 1.0 Remote File Upload Vulnerability]


[~] Found By: Al-Ghamdi
[?] Contact: by-root@hotmail.com
[?] Date: 18.5.20ll   
[?] Home: in my home
[~] Software Link: [http://www.jdownloads.com/index.php?option=com_jdownloads&Itemid=133&task=view.download&catid=22&cid=234]
[~] Version: Version:1.0
[~] Dork : "Powered by jDownloads"
____________________________________________________________________
____________________________________________________________________

Exploit :

# Open Site ..
# Register [When required you to register]..
# Go to : [Submit file] ..
# Make Shell format like [shell.php.jpg] ..
# Then Upload your Shell ..
# You will see the path of your shell ..
 

# Example   http://www.site.com/public-relations/testimonials
# Example   http://www.site.com/index.php?/component/option,com_jdownloads/Itemid,70/task,view.upload/

(+)Gr33ts to : Only my God [ Allah ] ..
____________________________________________________________________
____________________________________________________________________