JomSocial ~ Joomla Shell Upload Vulnerability

Post  Admin on Sat Feb 25, 2012 10:52 pm

Stuff you need:
A Shell
Tamper Data
Vulnerable Site
& a Brain

1. Get a shell here. (recommend: c99.php)
2. Download Tamper
3. Find a vuln site. *refer to Dorking*


Preparing your Shell:
1. Download a shell.
2. Put it in a folder (ex. "myshell")
3. Copy the shell to the same folder and rename it to "yourshell.php.flv"
4. Now in your folder you have 2 files, "myshell.php" & "myshell.php.flv".

Getting Access to site:
1. Register a fake account.
2. Activate your fake account.
3. Go to your profile page.
4. Click on Add Video.
5. Choose upload video from computer.

Uploading your Shell:
Upload a video from your computer, please note that if you only see Add video from URL that means the site is not vuln.
The reason for having created a file called "myshell.php.flv", is to trick the uploader into thinking that you are uploading a FLV file.

Uploading shell:
1. Go to upload page, click on add video.
2. Select Add video.
3. Select Upload from Computer.
4. Browse to your "myshell.php.flv".
5. Input Title.
**before you click on upload**
6. Firefox -> Tools -> Tamper Data, click on Start Tamper Data.
7. Now click UPLOAD.
8. Tamper data will then show you if you want to tamper, uncheck continue to tamper then click on tamper.
9. Look for "myshell.php.flv" then delete the .flv part meaning you will have "myshell.php" left.
11. Wait for it, and you will see the successful upload page.
12. Congrats you have uploaded a shell.

Shell location:
1. Go to http://[slave]/images/originalvideos/
2. There you will find folders named in numbers. (yours is most likely the last/bottom folder)
3. Most of the folders will contain .flv, .avi && etc etc.
4. Your folder will contain a random generated name with a PHP file extension.
5. Open your "random.php"
6. And you're IN!
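
From the defender's side, the post shows that the uploader trusted the file name and that a PHP file can end up in the video upload folder. The audit below is an added example, not part of the original post or of JomSocial's code: it walks an upload tree and reports files that are not real video containers. The extension allowlist, the script-extension pattern and the function names are assumptions to adapt to the site.

```python
import os
import re

# Assumed allowlist for a video upload directory; adjust to the formats the site accepts.
VIDEO_EXTS = {".flv", ".avi", ".mp4"}
# Assumed pattern: a script extension anywhere in the name, e.g. "x.php" or "x.php.flv".
SCRIPT_PART = re.compile(r"\.(php\d?|phtml|phar)(\.|$)", re.I)

def looks_like_video(head: bytes) -> bool:
    """Check container magic bytes instead of trusting the file name."""
    return (head.startswith(b"FLV")
            or (head[:4] == b"RIFF" and head[8:12] == b"AVI ")
            or head[4:8] == b"ftyp")

def audit_file(name: str, head: bytes) -> list:
    """Return the reasons a file does not belong in a video upload folder."""
    reasons = []
    if os.path.splitext(name)[1].lower() not in VIDEO_EXTS:
        reasons.append("extension not in video allowlist")
    if SCRIPT_PART.search(name):
        reasons.append("script extension in file name")
    if b"<?php" in head.lower():
        reasons.append("PHP open tag in file content")
    if not looks_like_video(head):
        reasons.append("content is not a known video container")
    return reasons

def scan(root: str) -> dict:
    """Walk an upload tree and map each suspicious path to its findings."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            with open(path, "rb") as fh:
                head = fh.read(4096)  # the header is enough for these checks
            reasons = audit_file(fname, head)
            if reasons:
                findings[path] = reasons
    return findings

if __name__ == "__main__":
    import sys
    for path, reasons in scan(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(path, "->", "; ".join(reasons))
```

Run it against the site's video upload directory. Applying the same content check on the server at upload time, and disabling script execution in that directory, addresses the cause rather than the symptom.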

