Home / os / solaris

Joomla com_breezingforms Arbitrary File Upload

Posted on 30 November -0001

<HTML><HEAD><TITLE>Joomla com_breezingforms Arbitrary File Upload</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>###################### # ____ _ ____ ____ ___ ____ _ ____ _ # __ _| __ ) / | _ / ___|_ _| _ | | |___ / | # / / _ / _ | | | | | _ | || |_) | | __) | | # > <| |_) / ___ | |_| | |_| || || _ <| |___ / __/| | # /_/_____/_/ _____/ ____|___|_| ______|_____|_| # ###################### # Exploit Title : Joomla com_breezingforms Arbitrary File Upload # Exploit Author : xBADGIRL21 # Dork : inurl:index.php?option=com_breezingforms # Software link : https://crosstec.org/en/downloads/breezingforms-for-joomla.html # Vendor Homepage : https://crosstec.org/en/ # version : 1.8.x # Tested on: [ BACK BOX ] # skype:xbadgirl21 # Date: 01/08/2016 # video Proof : https://www.youtube.com/watch?v=qat5nAQ8H80 ###################### # [+] FILE UPLOAD : ###################### ###################### # [+] DESCRIPTION : ###################### # [+] BreezingForms is the only state of the art form builder for Joomla!® that combines # [+] modern techniques with enterprise features. From great looking simple forms up to complex form applications # [+] -- almost everything is possible! # [+] and an Shell Upload has been Detected in this component ###################### # [+] PoC : ###################### # 1.- SELECT A WEBSITE FROM THE DORK ABOVE # 2.- http://localhost/joomla/ # 3.- check this Directory if you have Access to it : media/breezingforms/uploads/ # 4.- fill the fields # 5.- Upload your Shell like :shell.php.Txt or Image to Upload Field # 6.- Shell Directory : media/breezingforms/uploads/yourfile.txt or the extension uploaded # Ex : http://www.sps-training.com/media/breezingforms/uploads/a.txt ###################### # [+] Live Demo: ###################### # http://www.sps-training.com/index.php?option=com_breezingforms&view=form&Itemid=248 #http://www.alaeu.com/index.php?option=com_breezingforms&tmpl=component&Itemid=145&ff_contentid=24&ff_form=1&ff_applic=plg_facileforms&format=html&ff_frame=1&lang=en #http://www.westernerdays.ca/index.php?option=com_breezingforms&Itemid=137&ff_form=2&ff_applic=mod_facileforms&ff_module_id=134&format=html&tmpl=component&ff_frame=1 ###################### # [+] File Path : ###################### # http://www.localhost/media/breezingforms/uploads/yourfile.txt ###################### # Discovered by : xBADGIRL21 # Greetz : All Mauritanien Hackers - NoWhere ######################</BODY></HTML>

 

TOP