JomSocial ~ Joomla Shell Upload Vulnerability

Post  Admin on Sat Feb 25, 2012 10:52 pm

Stuff you need:
A Shell
Tamper Data
Vulnerable Site
& a Brain

1. Get a shell here. (recommend: c99.php)
2. Download Tamper
3. Find a vuln site. *refer to Dorking*


Preparing your Shell:
1. Download a shell.
2. Put it in a folder (ex. "myshell")
3. Copy the shell to the same folder and rename it to "yourshell.php.flv"
4. Now in your folder you have 2 files, "myshell.php" & "myshell.php.flv".

Getting Access to site:
1. Register a fake account.
2. Activate your fake account.
3. Go to your profile page.
4. Click on Add Video.
5. Choose upload video from computer.

Uploading your Shell:
Upload a video from your computer, please note that if you only see Add video from URL that means the site is not vuln.
The reason for having created a file called "myshell.php.flv", is to trick the uploader into thinking that you are uploading a FLV file.

Uploading shell:
1. Go to upload page, click on add video.
2. Select Add video.
3. Select Upload from Computer.
4. Browse to your "myshell.php.flv".
5. Input Title.
**before you click on upload**
6. Firefox -> Tools -> Tamper Data, click on Start Tamper Data.
7. Now click UPLOAD.
8. Tamper data will then show you if you want to tamper, uncheck continue to tamper then click on tamper.
9. Look for "myshell.php.flv" then delete the .flv part meaning you will have "myshell.php" left.
11. Wait for it, and you will see the successful upload page.
12. Congrats you have uploaded a shell.

Shell location:
1. Go to http://[slave]/images/originalvideos/
2. There you will find folders named in numbers. (yours is most likely the last/bottom folder)
3. Most of the folders will contain .flv, .avi && etc etc.
4. Your folder will contain a random generated name with a PHP file extension.
5. Open your "random.php"
6. And you're IN!


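For site owners, the post's "Shell location" section names the artefact to hunt for: a script file under `/images/originalvideos/`, a directory that should only ever hold video media. The following is an added example, not part of the original post, that scans web access logs for requests to such files. It assumes Apache/nginx common or combined log format and an assumed list of script extensions; the sample log lines are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# Upload directory named in the post; everything below it should be static media.
UPLOAD_PREFIX = "/images/originalvideos/"
# Assumed list of server-side script extensions; adjust to the handlers your server maps.
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar"}

# Common/combined log format: ip - user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def script_hits(log_lines):
    """Return (ip, time, path, status) for requests to script files under the upload dir."""
    hits = []
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        # Drop the query string, decode percent-encoding, and normalise case.
        path = unquote(urlsplit(m["target"]).path).lower()
        if not path.startswith(UPLOAD_PREFIX):
            continue
        name = path.rsplit("/", 1)[-1]
        # Check every dot-separated part, so "x.php.flv" is flagged as well as "x.php".
        if SCRIPT_EXTS & set(name.split(".")[1:]):
            hits.append((m["ip"], m["time"], path, int(m["status"])))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up file names).
SAMPLE = [
    '198.51.100.7 - - [26/Feb/2012:10:01:02 +0000] "GET /images/originalvideos/42/clip.flv HTTP/1.1" 200 90211 "-" "UA"',
    '203.0.113.9 - - [26/Feb/2012:10:05:40 +0000] "GET /images/originalvideos/57/aB3xQ.php HTTP/1.1" 200 5120 "-" "UA"',
    '203.0.113.9 - - [26/Feb/2012:10:05:58 +0000] "POST /images/originalvideos/57/aB3xQ.PHP?x=1 HTTP/1.1" 200 733 "-" "UA"',
    '198.51.100.7 - - [26/Feb/2012:10:07:11 +0000] "GET /images/originalvideos/57/%61.php.flv HTTP/1.1" 404 210 "-" "UA"',
    '198.51.100.7 - - [26/Feb/2012:10:08:00 +0000] "GET /index.php?option=com_community HTTP/1.1" 200 18000 "-" "UA"',
]

if __name__ == "__main__":
    for ip, when, path, status in script_hits(SAMPLE):
        # A 2xx on a script path means the file exists and was served or executed.
        print(f"{'ALERT' if 200 <= status < 300 else 'probe'} {ip} {when} {path} {status}")
```

The matching mitigation is to configure the web server so that nothing under the upload directory is passed to the PHP handler, and to have the application choose the stored file extension from an allowlist instead of taking it from the request.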