JomSocial 1.8.8 – Arbitrary File Upload

• Exploit Database
• 33 阅读

• 作者： Jeff Channell
  日期： 2010-09-30
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/15164/

• There is a file upload vulnerability in version 1.8.8 and earlier of 
  JomSocial, the popular community extension for Joomla!.
  
  Successful exploitation of this exploit requires the site to be 
  configured to allow users to upload video files directly, which is 
  disabled by default. If this feature is enabled, any file uploaded via 
  the "add video" upload form will end up in 
  http://[victim]/images/originalvideos/[your account's user id]/[unique 
  file name]. This folder is not protected with an index, so if indexes 
  are allowed retrieving the shell's filename is trivial.
  
  Listed on the JomSocial Changelog as "BUG: 4495" 
  <http://www.jomsocial.com/docs/Change_Log#Version_1.8.9>
  
  Timeline
  
   * Vulnerabilities Discovered: 26 September 2010
   * Vendor Notified: 27 September 2010
   * Vendor Response: 27 September 2010
   * Update Available: 28 September 2010
   * Disclosure: 30 September 2010
  
  http://jeffchannell.com/Joomla/jomsocial-188-shell-upload-vulnerability.html