Friday, 21 February 2014

Exploit Joomla: com_maian15

In this tutorial, i'm going to show you how to upload shell using Live Http Header through Joomla component , com_maian15.

Finding Vulnerable Target

Dork : "inurl:option=com_maian15"


Browser: Mozilla Firefox

1- Firstly, copy the dork and paste in google

2- Choose any site

Exploiting Target
1-  Paste the exploit at the end of the site URL.



2-   If it says,   
      saving your images to ../tmp-upload-images/
      or something similar, it means the site is vulnerable.

3-  Now, add name=yourshellname.php at the end of the site URL


4- Hit enter and you will get something like  
     saving your images to ../tmp-upload-images/bcc.php

5- Now, open up your Firefox extension, Live HTTP Header , and refresh the page.

6-  As you can see, in your Live HTTP Header, there is the url of the site. Highlight it and click on replay.

   7- Once you clicked replay, a popup will appear, tick on Send POST Content and paste your shell script in the column. 

8- Click replay , the page will automatically refresh  and your shell is successfully uploaded at

That's all the tutorial for today :P Feels free to leave a comment below :D