Search
 
 

Display results as :
 


Rechercher Advanced Search

Latest topics
» Diffrent Ways Of Hacking Facebook Account
Sun Feb 26, 2012 7:03 pm by Admin

» How to Install Skype on Ubuntu Linux
Sun Feb 26, 2012 4:32 pm by Admin

» INTERNET DOWNLOAD MANAGER 6.07 CRACK AND PATCH
Sun Feb 26, 2012 1:05 pm by Admin

» AVIRA ANTIVIRUS PREMIUM 2012 12.0.0.888 [FINAL] [CRACK] [SERIAL KEY]
Sun Feb 26, 2012 8:31 am by Admin

» SQL Hacking Part 1
Sun Feb 26, 2012 8:26 am by Admin

» JomSocial ~ Joomla Shell Upload Vulnerability
Sat Feb 25, 2012 10:52 pm by Admin

» Virtual Box Full Download Link
Sat Feb 25, 2012 10:35 pm by Admin

»  How to made your own phishing pages for facebook?
Sat Feb 25, 2012 10:21 pm by Admin

» HAVIJ SQL TOOLS FREE CRACK: [FULL VERSION] [CRACK]
Sat Feb 25, 2012 9:58 pm by Admin

October 2014
MonTueWedThuFriSatSun
  12345
6789101112
13141516171819
20212223242526
2728293031  

Calendar Calendar

Affiliates
free forum


JomSocial ~ Joomla Shell Upload Vulnerability

View previous topic View next topic Go down

JomSocial ~ Joomla Shell Upload Vulnerability

Post  Admin on Sat Feb 25, 2012 10:52 pm

tuff you need:
Firefox
A Shell
Tamper Data
Vulnerable Site
& a Brain Smile

Preparation:
1. Get a shell here. (recommend: c99.php)
2. Download Tamper
3. Find a vuln site. *refer to Dorking*

Dorks:
inurl:/com_community/
inurl:/images/originalvideos/
inurl:/index.php?option=com_community&view=videos

Preparing your Shell:
1. Download a shell.
2. Put it in a folder (ex. "myshell")
3. Copy the shell to the same folder and rename it to "yourshell.php.flv"
4. Now in your folder you have 2 files, "myshell.php" & "myshell.php.flv".

Getting Access to site:
1. Register a fake account.
2. Active your fake account.
3. Go to your profile page.
4. Click on Add Video.
5. Choose upload video from computer.

Uploading your Shell:
Upload a video from your computer, please note that if you only see Add video from URL that means the site is not vuln.
The reason for having created a file called "myshell.php.flv", is to trick the uploader into thinking that you are uploading a FLV file.

Uploading shell:
1. Go to upload page, click on add video.
2. Select Add video.
3. Select Upload from Computer.
4. Browse to your "myshell.php.flv".
5. Input Title.
**before you click on upload**
6. Firefox -> Tools -> Tamper Data, click on Start Tamper Data.
7. Now click UPLOAD.
8. Tamper data will then show you if you want to tamper, uncheck continue to tamper then click on tamper.
9. Look for "myshell.php.flv" then delete the .flv part meaning you will have "myshell.php" left.
10. SUBMIT.
11. Wait for it, and you will see the successful upload page.
12. Congrats you have uploaded a shell.

Shell location:
1. Go to http://[slave]/images/originalvideos/
2. There you will find folders named in numbers. (yours is most likely the last/bottom folder)
3. Most of the folders will contain .flv, .avi && etc etc.
4. Your folder will contain a random generated name with a PHP file extension.
5. Open your "random.php"
6. And your IN! Arrow cheers

Admin
Admin

Posts: 11
Join date: 2012-02-25
Age: 19
Location: Nangal,Ropar,Punjab

View user profile http://punjabihackers.tk

Back to top Go down

View previous topic View next topic Back to top


Permissions in this forum:
You cannot reply to topics in this forum