23 lines
No EOL
980 B
Text
23 lines
No EOL
980 B
Text
There is a file upload vulnerability in version 1.8.8 and earlier of
|
|
JomSocial, the popular community extension for Joomla!.
|
|
|
|
Successful exploitation of this exploit requires the site to be
|
|
configured to allow users to upload video files directly, which is
|
|
disabled by default. If this feature is enabled, any file uploaded via
|
|
the "add video" upload form will end up in
|
|
http://[victim]/images/originalvideos/[your account's user id]/[unique
|
|
file name]. This folder is not protected with an index, so if indexes
|
|
are allowed retrieving the shell's filename is trivial.
|
|
|
|
Listed on the JomSocial Changelog as "BUG: 4495"
|
|
<http://www.jomsocial.com/docs/Change_Log#Version_1.8.9>
|
|
|
|
Timeline
|
|
|
|
* Vulnerabilities Discovered: 26 September 2010
|
|
* Vendor Notified: 27 September 2010
|
|
* Vendor Response: 27 September 2010
|
|
* Update Available: 28 September 2010
|
|
* Disclosure: 30 September 2010
|
|
|
|
http://jeffchannell.com/Joomla/jomsocial-188-shell-upload-vulnerability.html |