Joomla Component com_jwallpapers Arbitrary File Upload

Thursday, 4 August 2016

Joomla Component com_jwallpapers Arbitrary File Upload

==================================================================
Title: Joomla Component com_jwallpapers Arbitrary File Upload
Author: Mr. Error 404 - IndoXploit
Google Dork: inurl:/index.php?option=com_jwallpapers
vuln: /index.php?option=com_jwallpapers&task=upload
output vuln: {"jsonrpc" : "2.0", "result" : null, "id" : "id"}
Thanks to: ./Mister-Y404 & All Member IndoXploit
Greetz: Sanjungan Jiwa - Defacer Tersakiti Team
==================================================================

CSRF Xploit Code:
-> http://pastebin.com/2YenMhz3

NB: Ubah bagian shell_kalian.php dengan nama shell yang kalian ingin kan ( ex: shell.php ), dan juga shell yang kalian upload harus ber-extensi .jpg (ex: shell.jpg). Tanpa haarus menggunakan tamper data dan sebagainyaa.

Setelah Kalian Xploit, maka hasilnya akan tetap sama seperti ini:

tidak ada tulisan error sama sekali.
Shell akses: http://target.com/jwallpapers_files/plupload/shell_kalian.php

5 comments:

NaughtySec said...: Memang Team IndoXploit Grub Yang Hebat Bagi saya; 8/05/2016 2:38 pm
Faiz said...: om..kalo pake php code gimana ya? hehehe; 8/08/2016 11:04 am
Unknown said...: thanks indoploxit ... ilmunya mantap banget,,, gampang dicerna sama orangawam seperti saya,,, Outbound Malang; 8/09/2016 10:49 am
Bang Ico said...: gak work; 3/22/2017 12:36 pm
Anonymous said...: exploit lama, udah susah cari yang vuln; 3/22/2017 2:07 pm

Thursday, 4 August 2016

Joomla Component com_jwallpapers Arbitrary File Upload

5 comments:

Post a Comment

Blog Archive

Popular Posts