evandrix - 28 Aug 2017

Steps to reproduce the issue

Visit http(s)://site/index.php?option=com_media&view=images&asset=com_content&tmpl=component to upload files into the target victim host's Joomla "images" folder.

Expected result

Permission denied, I suppose?

Actual result

Success

System information (as much as possible)

NA

Additional comments

Tutorial documented at https://cxsecurity.com/issue/WLB-2017020171

evandrix - open - 28 Aug 2017
joomla-cms-bot - change - 28 Aug 2017
Labels Added: ?
joomla-cms-bot - labeled - 28 Aug 2017
evandrix - change - 28 Aug 2017
The description was changed
evandrix - edited - 28 Aug 2017
mbabker - comment - 28 Aug 2017
  1. Only exploitable if your site's ACL is massively misconfigured (as in you allow public write access to something)

  2. We really just need to rip out the ACL support in com_media because there are far too many false reports about this
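The point raised in the comment above is that the upload path is only reachable when a site grants write-type core actions to an anonymous group. The following script is an added example, not code from this issue or from the Joomla project; it parses asset permission rules in the JSON shape Joomla stores in its `#__assets` table (`{"action": {"group_id": 1|0}}`) and flags any write-type action explicitly granted to the Public or Guest group. The sample rows are constructed, and the group IDs (1 = Public, 9 = Guest) are assumed to be the Joomla 3 defaults; `find_public_write_grants` and `WRITE_ACTIONS` are names chosen for this example.

```python
import json

# Assumption: default Joomla 3 group IDs for the two anonymous groups.
ANONYMOUS_GROUPS = {"1": "Public", "9": "Guest"}

# Core actions that permit creating or changing content. Hypothetical grouping
# for this example; Joomla itself treats each action independently.
WRITE_ACTIONS = {"core.create", "core.edit", "core.edit.own",
                 "core.delete", "core.manage", "core.admin"}

# Constructed sample rows shaped like #__assets (id, name, rules).
SAMPLE_ASSETS = [
    {"id": 1, "name": "root.1",
     "rules": '{"core.admin":{"8":1},"core.create":{"3":1}}'},
    {"id": 8, "name": "com_content",
     "rules": '{"core.create":{"1":1},"core.edit":{"2":1}}'},
    {"id": 12, "name": "com_media",
     "rules": '{"core.create":{"9":1},"core.delete":{"9":0}}'},
    {"id": 20, "name": "com_banners", "rules": ""},
    {"id": 21, "name": "com_broken", "rules": "{not json"},
]


def find_public_write_grants(assets):
    """Return (asset_name, action, group_name) for every explicit allow (value 1)
    of a write-type action to an anonymous group. An explicit deny (value 0) is
    not a finding. Unparseable rules are reported as 'invalid-json' so they are
    not silently skipped."""
    findings = []
    for asset in assets:
        raw = asset.get("rules") or "{}"   # empty column means "inherit only"
        try:
            rules = json.loads(raw)
        except json.JSONDecodeError:
            findings.append((asset["name"], "invalid-json", None))
            continue
        for action, grants in rules.items():
            if action not in WRITE_ACTIONS:
                continue
            for group_id, allowed in grants.items():
                group = ANONYMOUS_GROUPS.get(str(group_id))
                if group is not None and int(allowed) == 1:
                    findings.append((asset["name"], action, group))
    return findings


if __name__ == "__main__":
    for name, action, group in find_public_write_grants(SAMPLE_ASSETS):
        print(f"{name}: {action} granted to {group or 'n/a'}")
```

This only inspects explicit grants on each asset row. Joomla resolves permissions by walking up the asset tree, so a grant on a parent (the root asset or a component) also applies to its children; to audit a live site, run the same check over every row and treat a finding on an ancestor as covering everything beneath it.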

franz-wohlkoenig - change - 28 Aug 2017
Category ACL com_media
franz-wohlkoenig - change - 28 Aug 2017
Status New → Discussion
brianteeman - comment - 29 Aug 2017

Closed

brianteeman - change - 29 Aug 2017
Status Discussion → Closed
Closed_Date 0000-00-00 00:00:00 → 2017-08-29 09:43:28
Closed_By brianteeman
brianteeman - close - 29 Aug 2017
