Joomla components com_cartikads Remote File Upload vulnerability

vendor:

Cartikads

by:

kaMtiEz

7,5

CVSS

HIGH

Remote File Upload

434

CWE

Product Name: Cartikads

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: NO

Related CWE: N/A

CPE: a:cartikahosting:cartikads:1.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Joomla components com_cartikads Remote File Upload vulnerability

A vulnerability exists in Joomla components com_cartikads which allows an attacker to upload a malicious file on the server. The vulnerable file is uploadimage.php which can be accessed via http://server/[kaMtiEz]/components/com_cartikads/uploadimage.php. The attacker can upload a malicious file with extension shell.php.jpg and the shell will be available at http://server/[kaMtiEz]/images/stories/shell.php.jpg and http://server/[kaMtiEz]/images/banners/shell.php.jpg.

Mitigation:

The vendor should ensure that the file upload feature is properly secured and only allow the upload of files with valid extensions.

Source

Exploit-DB raw data:

###################################################################################
                                                                                  #
[~] Joomla components com_cartikads  Remote File Upload vulnerability             #
[~] Author	: kaMtiEz (kamzcrew@yahoo.com)                                    #
[~] Homepage	: http://www.indonesiancoder.com                                  #
[~] Date	: January 02, 2009                                                #
                                                                                  #
###################################################################################

[ Software Information ]

[+] Vendor : http://www.cartikahosting.com
[+] Download : -
[+] version : 1.0
[+] Vulnerability : SQL injection
[+] Dork : "Think iT"
[+] Price : dunno            
[+] Location : INDONESIA - JOGJA
[+] description : Cartikads is a Mambo Open Source ads management component.

##################################################################################


[ HERE WE GO .. LIVE FROM JOGJA CITY ]

[ Vulnerable File ]

http://server/[kaMtiEz]/components/com_cartikads/uploadimage.php

[ NOTE ]

upload with extension shell.php.jpg

your shell will be

http://server/[kaMtiEz]/images/stories/shell.php.jpg

http://server/[kaMtiEz]/images/banners/shell.php.jpg


===========================================================================

[ Thx TO ]
[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink
[+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry ..
[+] Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk

[ NOTE ] 

[+] Nyak ama babe gua .. tak lupa adik gua ..
[+] tukulesto : where did u go ??
[+] Dengerin Radio yach di http://antisecradio.fm :D

[ QUOTE ]

[+] rm -rf 

[ EOF ]

[+] INDONESIANOCODER TEAM
[+] KILL -9 TEAM