-Register for Learning.
-Read forum rules before register.
-Register for see full topics.
*Active on Forum*

Teknik deface remote file upload vulnerability

Share

mardiana88
member
member

Jumlah posting : 33
Reputation : 0
Join date : 30.10.12
Age : 26
Lokasi : jember

Teknik deface remote file upload vulnerability

Post by mardiana88 on Mon Sep 22, 2014 2:35 pm

Teknik deface remote file upload vulnerability
DORK : inurl:/editor/editor/filemanager/
inurl:/HTMLEditor/editor/"

1. copas salah satu dork diatas
2. Pilih salah satu web target
3. Kemudian Ganti Kode
editor/editor/filemanager/browser/mcpuk/images/icons/32/ menjadi editor/editor/filemanager/upload/test.html
4. contoh: www.tritor.com.br/editor/editor/filemanager/browser/mcpuk/‎ menjadi www.tritor.com.br/editor/editor/filemanager/upload/test.html
5. jika sudah masukk, ganti ASP menjadi PHP
6. pilih file deface sobat
6. pilih send to server
Jika berhasil nanti akan muncul Pesan jika file yang upload file with no error, dan pada kotak ( Upload File URL ) akan memberikan patch dimana file sobat berada.
7. Copykan saja file yang ada di ( Upload File URL ) lalu taruh dibelakang site target, jadi nanti akan terlihat seperti ini :http://www.tritor.com.br/editor/images/67124.html

    Waktu sekarang Sat Dec 10, 2016 6:10 am