How to upload a shell in Magento

0

After getting Magento admin credentials, you will need to upload a shell. You can do that by uploading a Magento package containing the PHP shell.

You can download the package from here:

https://github.com/lavalamp-/LavaMagentoBD

or

https://github.com/P34C3-07/LavaMagentoBD

 

In the package files, place your shell in the following path here, put your malicious shell inside the “IndexController.php” file.

/app/code/community/Lavalamp/Connector/IndexController.php

 

The next step is to go to http://192.168.1.101/downloader/, then upload your package from the direct package file upload form here:

Magento Connect manager

You will get a message like that after a successful upload:

Magento package uploaded

In the end, you can access your shell by visiting the following link:

http://192.168.1.101/app/code/community/Lavalamp/Connector/controllers/IndexController.php

Enjoy! 🙂

Leave A Reply

Your email address will not be published.