I think every “hacker wannabe” and infosec specialist follows exploitdb’s Twitter account. Well, maybe not all, but most of them do. I was drinking coffee this morning (actually it’s 3 in the morning) and stumbled upon exploitdb’s tweet.
Simple File Upload is a Joomla module from wasen.net. It gives a site visitor the capability to ‘simply’ upload an image file. It should have been named Simple Image Upload, in my opinion. Another great purpose is that it acts like a PHP shell, helping hackers like shipc0de to upload an even more appropriate shell (lol). In the submitted exploit, the version is Simple File Upload 1.3. Trying the exploit for an hour really exhausted me, so I decided: why not go one level down? So from Simple File Upload 1.3, I went down to 1.2 after browsing the extension’s changelog. They seem to have patched the vulnerability in 1.3.
The Simple File Upload 1.2 exploit suffers just like the classic DNN Exploit. They both suffer from a lack of what I call submitted-data checking (tbh, just wanted to sound cool lol). All you need to do is change the Content-Type of the POST data. I will not go further into details, but I will give you hints just to make your visit to this article worthwhile (lol).
The exploit can be done by creating an image file that has malicious PHP code inside. I assume that readers like you will know what I am talking about. As for the webmasters, you may want to update now to Simple File Upload 1.3, though it is exploitable too 😀
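
For webmasters, here is what the missing submitted-data checking looks like when it is present. This is an added example, not code from Simple File Upload or this post; the function name `store_uploaded_image` and the destination directory are hypothetical, and it assumes PHP 8 with the fileinfo and GD extensions.

```php
<?php
// Added illustration; not the module's code. All names here are hypothetical.

/**
 * Validate and store an uploaded image without trusting request metadata.
 * $file is one entry of $_FILES. $destDir should be a directory where the
 * web server does not execute scripts.
 */
function store_uploaded_image(array $file, string $destDir): string
{
    // Allowlist: detected MIME type => extension chosen by the server.
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }

    // $file['type'] is the Content-Type sent by the client and $file['name']
    // is the client's filename. Both are ignored; the type is detected from
    // the file content instead.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset($allowed[$mime])) {
        throw new RuntimeException('Not an allowed image type');
    }

    // Content sniffing only inspects leading bytes, so also decode the image
    // and re-encode it. This drops metadata and any trailing bytes.
    $img = @imagecreatefromstring(file_get_contents($file['tmp_name']));
    if ($img === false) {
        throw new RuntimeException('Not a decodable image');
    }

    // Server-generated name with a fixed image extension, never user-chosen.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    $path = rtrim($destDir, '/') . '/' . $name;

    $ok = match ($mime) {
        'image/jpeg' => imagejpeg($img, $path, 90),
        'image/png'  => imagepng($img, $path),
        'image/gif'  => imagegif($img, $path),
    };
    if (!$ok) {
        throw new RuntimeException('Could not write image');
    }
    return $path;
}
```

The fixed extension and a non-executing upload directory are what keep a stored file from being run as PHP; the content checks reduce what can be stored in the first place.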