Thursday, 4 August 2016

Joomla Component com_jwallpapers Arbitrary File Upload

==================================================================
Title: Joomla Component com_jwallpapers Arbitrary File Upload
Author: Mr. Error 404 - IndoXploit
Google Dork: inurl:/index.php?option=com_jwallpapers
vuln: /index.php?option=com_jwallpapers&task=upload
output vuln: {"jsonrpc" : "2.0", "result" : null, "id" : "id"}
Thanks to: ./Mister-Y404 & All Member IndoXploit
Greetz: Sanjungan Jiwa - Defacer Tersakiti Team
==================================================================

CSRF Xploit Code:
-> http://pastebin.com/2YenMhz3


NB: Ubah bagian shell_kalian.php dengan nama shell yang kalian ingin kan ( ex: shell.php ), dan juga shell yang kalian upload harus ber-extensi .jpg (ex: shell.jpg). Tanpa haarus menggunakan tamper data dan sebagainyaa.

Setelah Kalian Xploit, maka hasilnya akan tetap sama seperti ini:


tidak ada tulisan error sama sekali.
Shell akses: http://target.com/jwallpapers_files/plupload/shell_kalian.php

5 comments:

  1. Memang Team IndoXploit Grub Yang Hebat Bagi saya

    ReplyDelete
  2. om..kalo pake php code gimana ya? hehehe

    ReplyDelete
  3. thanks indoploxit ... ilmunya mantap banget,,, gampang dicerna sama orangawam seperti saya,,, Outbound Malang

    ReplyDelete
  4. Replies
    1. exploit lama, udah susah cari yang vuln

      Delete