Joomla GMapFP J3.5 / J3.5F Arbitrary File Upload ≈ Packet Storm – Digitalmunition




Exploit/Advisories no-image-featured-image.png

Published on September 8th, 2020 📆 | 5701 Views ⚑

0

Joomla GMapFP J3.5 / J3.5F Arbitrary File Upload ≈ Packet Storm

# Exploit Title: Joomla! Component GMapFP J3.5/J3.5F – Unauthenticated Arbitrary File Upload
# Google Dork: inurl:”com_gmapfp”
# Date: 2020-03-27
# Exploit Author: ThelastVvV
# Vendor Homepage:https://gmapfp.org/
# Version:Version J3.5 /J3.5free
# Tested on: Ubuntu
# CVE:CVE-2020-23972

# Description:

An attacker can access the upload function of the application without authenticating to the application and also can upload files due the issues of unrestricted file uploads which can be bypassed by changing the content-type and name file too double extensions

# PoC:

Version J3.5 /J3.5free
http://127.0.0.1/index.php?option=com_gmapfp&controller=editlieux&tmpl=component&task=edit_upload

-Once the attacker can locate the unauthenticated file upload form then the attacker can bypass the restriction by changing content-type and name file double extensions file.html.gif then can open file.html

# Impact
the attacker can upload malicious files can cause defacement of the site or uploading large amount of file til causes denial of service attack to Webapp/Server

# Dir File Path:
http://127.0.0.1///images/stories/gmapfp/test.html.gif
http://127.0.0.1///images/stories/gmapfp/test.html
http://127.0.0.1///images/gmapfp/test2.html.gif
http://127.0.0.1///images/gmapfp/test2.html.gif

# Issues are fixed,Please update to Last Version

Source link

Tagged with:



Leave a Reply

Your email address will not be published. Required fields are marked *


loading...