Joomla Component com_performs component arbitary file upload

Joomla Component “com_performs” component arbitary file upload açığı bulundu. Açık sayesinde .php Shell upload edilebilmekte, server üzerinde zararlı yazılımlar, exploitler denenebilmekte, server üzerinden diğer sitelere erişim sağlanabilmektedir. Dosya upload açığı olan dizini geçici olarak kapatmakta fayda var.

# Exploit Title: [Joomla Com_performs component arbitary file upload]
# Google Dork: inurl:index.php?option=com_performs upload cv
# Date: [2012-09-27]
# Exploit Author: [Mormoroth]
# Vendor Homepage: [http://www.performs.org.au/]
# Version: [2.4 and prior]
# Tested on: [Linux/Windows]
------------
Attacker can upload files with uploader form
 
uploaded files go to /joomlaPath/media/uploads
 
this form builder rename uploaded file with simple combinition between date and time
 
for example if you upload file it will renamed to >> 2012-09-28-20-05-Unknown-file.txt
 
[2012-09-28] its current date and [20-05] is time of uploading file (Hour/Minute) And [Unknown] never change,after them your file name
 
by simple brute force you can find upload time which is hard part of guessing your exact uploaded file
------------
 
ISCN TEAM
 
http://blog.mormoroth.ir
http://ha.cker.ir
Follow me on Twitter And Facebook
http://twitter.com/Mormoroth
http://facebook.com/ISCNTEAM
 
ISCN Special Defacements Archive
http://www.zone-h.org/archive/special=1/notifier=ISCN
 
From Iran

Bir Cevap Yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir