32 lines
No EOL
1.8 KiB
Text
32 lines
No EOL
1.8 KiB
Text
1 ########################################## 1
|
|
0 I'm Sid3^effects member from Inj3ct0r Team 1
|
|
1 ########################################## 0
|
|
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
|
|
|
|
Name : Joomla com_mysms Upload Vulnerability
|
|
Date : july 10,2010
|
|
Critical Level : HIGH
|
|
vendor URL :http://www.willcodejoomlaforfood.de/
|
|
Author : Sid3^effects aKa HaRi
|
|
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_
|
|
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz
|
|
#######################################################################################################
|
|
Description
|
|
MySMS is standing for "Simple sms component" for Joomla. The MySMS component is now available for Joomla 1.0.x ( com_mysms-0.9.4.zip ) and for Joomla 1.5.x series ( use com_mysms-1.5.10.zip ).
|
|
|
|
This component supports following sms gateway provider today: w2sms, teleword, smskaufen, smscreator, sms77, sms4credits, mobilant, mesmo, clickatell, aspsms, nohnoh, mexado, innosend, suresms,compaya and hardwired, mobilenl, sloono, smsat and wannfind, agiletelecom, smsviainternet, infobip, at&t, smscom, coolsms, smsglobal, aruhat, massenversand, smstrade.
|
|
#######################################################################################################
|
|
Xploit: Upload Vulnerability
|
|
|
|
Step 1: Register first :D
|
|
|
|
Step 2: Goto your profile "Mysms" option
|
|
|
|
Step 3: The attacker can upload shell in the "Import phonebook" option and it doesnt validate any file format so upload your shell
|
|
DEMOU URL :http://server/?option=com_mysms&Itemid=0&task=phonebook
|
|
|
|
Step 4: your shell is uploaded and now you do ur job ;)
|
|
|
|
#######################################################################################################
|
|
# 0day no more
|
|
# Sid3^effects |