Home / os / win7

Joomla DJ-Classifieds Extension com_djclassifieds Upload Vul

Posted on 02 May 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Joomla DJ-Classifieds Extension com_djclassifieds Upload Vulnerability</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>======================================================================
Joomla DJ-Classifieds Extension com_djclassifieds Upload Vulnerability
======================================================================

# Dork:inurl:com_djclassifieds

Description :
 The DJ-Classifieds extension allows you to add text advertisements into thematic categories, assigning images and descriptions to them.
You can also allow users to add their own advertisements at your website with possibility to charge users for it (paypal).
 
Features:
free and paid classifieds
menu module
items module
search module
 
############################################################################
 
Xploit : Upload Vulnerability
 
        
 STEP 1 : Register first :)
  
 STEP 2 : Goto &quot;Add classifieds&quot;option.
 
 STEP 3 : The attacker either upload  a shell by changing the extension of the shell to .img,.gif or.bmp.
        The description part is also vulnerable.
        By uploading the evil script succesfully one can attack. :)
 
 
 Once uploaded you can check your classifieds :P
 
DEMO URL:
 
http://server/index.php?option=com_djclassifieds&amp;view=showitem&amp;cid=6&amp;id=29&amp;Itemid=1
 
 
############################################################################
 
 
#Sid3^effects


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-05-02]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :