administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x prior to 2.5.14 and 3.x prior to 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . (dot), as exploited in the wild in August 2013.
This module exploits a vulnerability found in Joomla 2.5.x up to 2.5.13, as well as 3.x up to 3.1.4 versions. The vulnerability exists in the Media Manager component, which comes by default in Joomla, allowing arbitrary file uploads, and results in arbitrary code execution. The module has been tested successfully on Joomla 2.5.13 and 3.1.4 on Ubuntu 10.04. Note: If public access isn't allowed to the Media Manager, you will need to supply a valid username and password (Editor role or higher) in order to work properly.
msf > use exploit/unix/webapp/joomla_media_upload_exec msf exploit(joomla_media_upload_exec) > show targets ...targets... msf exploit(joomla_media_upload_exec) > set TARGET <target-id> msf exploit(joomla_media_upload_exec) > show options ...show and set options... msf exploit(joomla_media_upload_exec) > exploit