Friday, 25 October 2013

Joomla com_fabrik Upload Vulnerability

Today, I'm going to teach you how to deface a website using Joomla com_fabrik Upload Vulnerability.


Understanding Attack Method

Joomla’s com_fabrik component gives you the power to create forms and tables that run inside Joomla without requiring knowledge of mySQL and PHP. Then feed your data into Google Maps, Charts or an AJAX based calendar.But it’s vulnerable :)



Finding Vulnerable Target

Let's get it started

Dork : inurl:index.php?option=com_fabrik or index.php?option=com_fabrik

Exploit : /index.php?option=com_fabrik&c=import&view=import&filetype=csv&table=1

1.Paste the any of the dork in www.google.com. If you want to narrow down the search for .com domains or .com.au domains then just append “site:com.au” in above google dork.

Example: inurl:index.php?option=com_fabrik site:com.au (This will serach for com_fabrik vulnerability for .com.au websites)


Exploiting Target

1. Once you have the list of websites, choose any website and replace put the exploit at the back of the site.
Example:
From

To

2. Then, you’ll get something like this.


3. Now upload any file to upload such as picture.jpg or shell.php. Once your file successfully uploaded, you need to add /media/yourfilename.jpg to see your file.

Example:


4. Example of the vulnerable sites,


5. You also can upload your shell into the site :)

http://bluejaylodgecostarica.com/media/up.php

and deface the index.html :P

http://bluejaylodgecostarica.com/


Live Demo :