# Exploit Title: Joomla! Component GMapFP 3.5 - Unauthenticated Arbitrary File Upload
# Google Dork: inurl:''com_gmapfp''
# Exploit Author: ThelastVvV
# Vendor Homepage: https://gmapfp.org/
# Version:Version J3.5 /J3.5free
# Tested on: Ubuntu
# CVE: CVE-2020-23972
# Description:
An attacker can access the upload function of the application without authenticating to the application and also can upload files due the issues of unrestricted file uploads which can be bypassed by changing the content-type and name file too double extensions
# PoC:
Version J3.5
http://127.0.0.1/index.php?option=com_gmapfp&controller=editlieux&tmpl=component&task=edit_upload
-Once the attacker can locate the unauthenticated file upload form then the attacker can bypass the restriction by changing content-type and name file double extensions file.html.gif then can open file.html
# Impact
the attacker can upload malicious files can cause defacement of the site or uploading large amount of file til causes denial of service attack to Webapp/Server
# Dir File Path:
http://127.0.0.1///images/stories/gmapfp/test.html.gif
http://127.0.0.1///images/stories/gmapfp/test.html
http://127.0.0.1///images/gmapfp/test2.html.gif
http://127.0.0.1///images/gmapfp/test2.html.gif
This post was last modified on 1 December 2020 4:14 PM
British high street chain WH Smith has recently revealed that it was hit by a…
As banks worldwide roll out Voice ID as a means of user authentication over the…
In the era of digital transformation, cybersecurity has become a major concern for businesses. When…
In today's digital age, cybersecurity threats have become a significant concern for businesses of all…
The RIG Exploit Kit is currently in the midst of its most productive phase, attempting…
One of the most transformational technologies of our time, artificial intelligence (AI), has quickly come…
Leave a Comment