JomSocial ~ Joomla Shell Upload Vulnerability
Stuff you need:
Firefox
A Shell
Tamper Data
Vulnerable Site
& a Brain
Preparation:
1. Get a shell here. (recommend: c99.php)
2. Download Tamper
3. Find a vuln site. *refer to Dorking*
Dorks:
inurl:/com_community/
inurl:/images/originalvideos/
inurl:/index.php?option=com_community&view=videos
Preparing your Shell:
1. Download a shell.
2. Put it in a folder (ex. "myshell")
3. Copy the shell to the same folder and rename it to "myshell.php.flv"
4. Now in your folder you have 2 files, "myshell.php" & "myshell.php.flv".
Getting Access to site:
1. Register a fake account.
2. Activate your fake account.
3. Go to your profile page.
4. Click on Add Video.
5. Choose upload video from computer.
Uploading your Shell:
Upload a video from your computer. Please note that if you only see "Add video from URL", the site is not vuln.
The reason for having created a file called "myshell.php.flv" is to trick the uploader into thinking that you are uploading a FLV file.
Uploading shell:
1. Go to upload page, click on add video.
2. Select Add video.
3. Select Upload from Computer.
4. Browse to your "myshell.php.flv".
5. Input Title.
**before you click on upload**
6. Firefox -> Tools -> Tamper Data, click on Start Tamper Data.
7. Now click UPLOAD.
8. Tamper Data will then ask if you want to tamper; uncheck continue to tamper, then click on tamper.
9. Look for "myshell.php.flv", then delete the .flv part, meaning you will have "myshell.php" left.
10. SUBMIT.
11. Wait for it, and you will see the successful upload page.
12. Congrats you have uploaded a shell.
Shell location:
1. Go to http://[slave]/images/originalvideos/
2. There you will find folders named in numbers. (yours is most likely the last/bottom folder)
3. Most of the folders will contain .flv, .avi, etc.
4. Your folder will contain a randomly generated name with a PHP file extension.
5. Open your "random.php"
6. And you're in!
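The steps above succeed when the extension check is applied to the name picked in the browser rather than to the filename that reaches the server. As an added example (not part of the original post and not JomSocial's code), this Python sketch validates the name and leading bytes as received, stores the file under a server-generated name, and audits an upload tree such as images/originalvideos/ for non-video or PHP-bearing files. The allow-list, function names and sample files are assumptions constructed for illustration.

```python
import os
import secrets
import tempfile

# Assumed allow-list: extension -> leading magic bytes of that container.
VIDEO_MAGIC = {".flv": b"FLV\x01", ".avi": b"RIFF"}
PHP_TAG = b"<?php"


def stored_name_for(client_filename, head):
    """Validate the filename exactly as it arrived in the request body and
    return a server-generated name; raise ValueError to reject the upload."""
    base = os.path.basename(client_filename.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()
    magic = VIDEO_MAGIC.get(ext)
    if magic is None:
        raise ValueError(f"extension {ext!r} is not an allowed video type")
    if not head.startswith(magic):
        raise ValueError("content does not match the claimed video type")
    # The client's name is never reused on disk; only the vetted extension is.
    return secrets.token_hex(8) + ext


def audit_upload_dir(root):
    """Return relative paths under root that are not allow-listed video
    files or that contain a PHP open tag in their first 4 KiB."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(4096)
            ext = os.path.splitext(name)[1].lower()
            if ext not in VIDEO_MAGIC or PHP_TAG in head:
                rel = os.path.relpath(path, root)
                findings.append(rel.replace(os.sep, "/"))
    return sorted(findings)


def demo():
    """Build a constructed upload tree (numbered folders) and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for sub, name, data in [("1", "a1b2.flv", b"FLV\x01\x05" + b"\0" * 16),
                                ("2", "c3d4.php", b"<?php /* constructed */ ?>")]:
            os.makedirs(os.path.join(root, sub), exist_ok=True)
            with open(os.path.join(root, sub, name), "wb") as fh:
                fh.write(data)
        return audit_upload_dir(root)
```

Run audit_upload_dir against the real upload directory on a schedule, and configure the web server so nothing under that directory is handed to the PHP interpreter.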
Sun Feb 26, 2012 8:26 am by Admin
» JomSocial ~ Joomla Shell Upload Vulnerability
Sat Feb 25, 2012 10:52 pm by Admin