Vendor: Joomla Component Com_Agora
By: ByALBAYX
CVSS: 9.3 (HIGH)
Remote File Upload Vulnerability
CWE: 434
Product Name: Joomla Component Com_Agora
Affected Version From: 3.0.0 RC1
Affected Version To: 3.0.0 RC1
Patch Exists: YES
Related CWE: N/A
CPE: a:joomla:joomla_component_com_agora:3.0.0_rc1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2009

Joomla Component Com_Agora 3.0.0 RC1 Remote File Upload Vulnerability

A remote file upload vulnerability exists in Joomla Component Com_Agora 3.0.0 RC1. The vulnerability is due to insufficient validation of user-supplied input in the 'task' parameter of the 'index.php' script. An attacker can exploit it by sending a specially crafted HTTP request containing malicious code to the vulnerable script, which uploads arbitrary code and executes it in the context of the webserver process. Successful exploitation can compromise the web application and the underlying system.

Mitigation:

Upgrade to the latest version of Joomla Component Com_Agora 3.0.0 RC1 or later.

Exploit-DB raw data:

@~~=======================================~~@
====C4TEAM.ORG====ByALBAYX====C4TEAM.ORG=====
@~~=======================================~~@
@~~=Author   : ByALBAYX

@~~=Website  : WWW.C4TEAM.ORG
@~~===============TURKISH=================~~@

@~~=======================================~~@
@~~=Script   : Joomla Component Com_Agora 3.0.0 RC1

@~~=S.Site   : http://joomlame.com

@~~=Demo     : http://joomlame.com/index.php?option=com_agora&task=upload

@~~=======================================~~@

@~~=Vulnerability Found:

@~~=http://c4team.org/ [Path] /index.php?option=com_agora&task=upload

@~~=http://c4team.org/ [Path] /components/com_agora/img/members/0/ [Shell.php]

@~~=Search  : "inurl:com_agora"

@~~=http://kht.by.ru/Google.txt

@~~=Etc..


@~~=L!ve Demo:

@~~=Etc..
@~~=======================================~~@

@~~=Come on then, there are quite a lot of sites, a good server may turn up, it shows up on Google and so on, and you will be famous  :D

@~~=:/

# milw0rm.com [2009-05-26]
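
A defender-side check for the pattern this advisory describes, added here as an example and not part of the original advisory or of the component's code: it scans web server access logs for a POST to the `option=com_agora&task=upload` endpoint followed by a successful request for a script file under `components/com_agora/img/members/`. The log lines, the extension list and the severity labels are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Image directory named in the advisory; nothing here should ever run as code.
UPLOAD_DIR = "/components/com_agora/img/members/"
# Assumed extension list; the trailing (\.|$) also catches "a.php.jpg".
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)(\.|$)", re.IGNORECASE)
# Combined log format: client, request line, status.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')

def classify(line):
    """Return (client_ip, finding) for a request worth reviewing, else None."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    ip, method, target, status = m.groups()
    url = urlsplit(target)
    query = parse_qs(url.query)
    if method == "POST" and query.get("option") == ["com_agora"] and query.get("task") == ["upload"]:
        return ip, "upload-post"
    path = unquote(url.path).lower()
    idx = path.find(UPLOAD_DIR)  # find(), not startswith(): Joomla may sit in a subdirectory
    if idx != -1 and SCRIPT_EXT.search(path[idx + len(UPLOAD_DIR):]):
        # 2xx: the script exists and was served; anything else is only a probe.
        return ip, ("script-hit" if status.startswith("2") else "script-probe")
    return None

def correlate(lines):
    """Rate each script hit: high if that client POSTed to the upload task earlier."""
    uploaders, findings = set(), []
    for line in lines:
        ip, kind = classify(line) or (None, None)
        if kind == "upload-post":
            uploaders.add(ip)
        elif kind == "script-hit":
            findings.append((ip, "high" if ip in uploaders else "medium"))
    return findings

SAMPLE_LOG = [  # constructed lines using documentation-range addresses
    '203.0.113.7 - - [26/May/2009:10:00:09 +0000] "POST /index.php?option=com_agora&task=upload HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [26/May/2009:10:00:15 +0000] "GET /components/com_agora/img/members/0/avatar.php HTTP/1.1" 200 77 "-" "-"',
    '198.51.100.4 - - [26/May/2009:10:02:00 +0000] "GET /components/com_agora/img/members/0/avatar.jpg HTTP/1.1" 200 9000 "-" "-"',
    '198.51.100.9 - - [26/May/2009:10:03:00 +0000] "GET /forum/components/com_agora/img/members/0/a.php.jpg HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    print(correlate(SAMPLE_LOG))
```

Any `script-hit`, whatever its rating, means a script file exists in the image directory, so the directory should be inspected on disk and the server configured not to execute scripts from it.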