
Joomla Component (com_fileuploader) Upload File Vulnerability


###
# Title : Joomla Component (com_fileuploader) Upload File Vulnerability
# Author : KedAns-Dz
# E-mail : ked-h@hotmail.com
# Home : HMD/AM (30008/04300) - Algeria -(00213555248701)
# Twitter page : twitter.com/kedans
# platform : php
# Impact : Upload File Vulnerability
# Tested on : Windows XP sp3 FR
###
# Note : BAC 2011 Enchallah ( Me & BadR0 & Dr.Ride & Red1One & XoreR & Fox-Dz ... all )
###
# Go0gle Dork : inurl:com_fileuploader
###

# Demo : http://[TARGET]/[PATH]/index.php?option=com_fileuploader&view=fileuploader&Itemid=7

# Example : http://www.aziz-rehman.com/index.php?option=com_fileuploader&view=fileuploader&Itemid=7

# Exploit : 

1 - Goto Upload Page .../index.php?option=com_fileuploader&view=fileuploader&Itemid=7

2 - Upload Shell .txt .jpg ... etc


#================[ Exploited By KedAns-Dz * HST-Dz * ]=========================
# GreetZ to : Islampard * Dr.Ride * Zaki.Eng * BadR0 * NoRo FouinY * Red1One
# XoreR * Mr.Dak007 * Hani * TOnyXED * Fox-Dz * Massinhou-Dz ++ all my friends ;
# > Algerians <  [D] HaCkerS-StreeT-Team [Z] > Hackers <
# My Friends on Facebook : Nayla Festa * Dz_GadlOl * MatmouR13 ...all Others
# 4nahdha.com : TitO (Dr.Ride) *  MEN_dz * Mr.LAK (Administrator) * all members ...
# sec4ever.com members Dz : =>>
#  Ma3sTr0-Dz * Indoushka * MadjiX * BrOx-Dz * JaGo-Dz ... all Others
# hotturks.org : TeX * KadaVra ... all Others
# Kelvin.Xgr ( kelvinx.net)
#===========================================================================
Taken from : Packetstormsecurity
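
A detection-side example added here, not part of the original advisory: it scans web server access logs for requests addressing the component named above and separates page views from POSTs per client. The combined log format, the function names, the constructed log lines, and the idea that the upload form posts back to a URL carrying `option=com_fileuploader` are all assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Combined log format (assumed): client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_fileuploader_request(target):
    """True if the request target addresses the com_fileuploader component."""
    # parse_qs decodes %xx escapes and does not care about parameter order.
    query = parse_qs(urlsplit(target).query)
    return any(v.lower() == "com_fileuploader" for v in query.get("option", []))

def summarize(lines):
    """Per client IP: page views, upload attempts (POST), accepted POSTs."""
    hits = defaultdict(lambda: {"views": 0, "uploads": 0, "uploads_ok": 0})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_fileuploader_request(m["target"]):
            continue
        entry = hits[m["ip"]]
        if m["method"] == "POST":
            entry["uploads"] += 1
            # 2xx/3xx means the server did not reject the request outright.
            if m["status"][0] in "23":
                entry["uploads_ok"] += 1
        else:
            entry["views"] += 1
    return dict(hits)

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Mar/2011:10:00:01 +0000] "GET /index.php?option=com_fileuploader&view=fileuploader&Itemid=7 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Mar/2011:10:00:09 +0000] "POST /index.php?option=com%5Ffileuploader&view=fileuploader&Itemid=7 HTTP/1.1" 200 5300 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Mar/2011:10:01:00 +0000] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 8000 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Mar/2011:10:02:30 +0000] "POST /index.php?Itemid=7&view=fileuploader&option=COM_FILEUPLOADER HTTP/1.1" 403 312 "-" "curl/7.21"',
]

if __name__ == "__main__":
    for ip, counts in summarize(SAMPLE_LOG).items():
        print(ip, counts)
```

Clients with a nonzero `uploads_ok` are the ones to follow up on, for example by reviewing what was written to the site's upload directory.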


Blogger at hacking-tutorial.com. Love PHP, offensive security and web. Contact him at me[-at-]vishnuvalentino.com

Website : http://www.vishnuvalentino.com