Friday, 26 October 2018

CMS Reservation Arbitrary File Upload




OK, let's get the materials ready:

- Dork: inurl:"/reservation/img/products/"
- CSRF Online: Click here!
- Shell backdoor with the extension .jpg.php (add GIF89a to the shell / uploader).
- Exploit: editpicexec.php
- Good looks (required :3)

OK, straight to the tutorial; follow it step by step.

1. Dork using Google Images and pick your target.

2. Enter the exploit path (if the page comes up blank, it is probably vulnerable).

3. Open the CSRF tool, enter your target URL, fill in the post data with "image", and LOCK!

4. Choose your shell / uploader, and upload!

5. Vulnerable? If it is, you will be redirected to the login page / dashboard page.

6. Access your shell / uploader at www.site.com/reservation/img/products/shell.jpg.php

7. BOOM! My uploader has been uploaded.




OK, that's all from me; if you found this interesting or liked it, don't forget to share ^_^

Thank you.
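An added example, not part of the original post: a sweep that a site owner can run over the `/reservation/img/products/` upload directory to find what this procedure leaves behind, namely files with a script extension anywhere in the name or PHP code sitting behind a GIF89a header. The extension list, the content markers and the sample files are assumptions constructed for the illustration.

```python
import os
import re
import tempfile

# Extensions a PHP-enabled server may execute (assumed list; match it to your handler config).
# Matches ".php" at the end (shell.jpg.php) and in the middle (shell.php.jpg) of a name.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar|pht)(\.|$)", re.IGNORECASE)
IMAGE_MAGIC = (b"GIF87a", b"GIF89a", b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n")
CODE_MARKERS = (b"<?php", b"<?=")  # triage markers; "<?=" can false-positive on binary data


def audit_upload_dir(root):
    """Return {relative_path: [reasons]} for suspicious files under an image upload directory."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read(1024 * 1024)  # the first 1 MiB is enough for a triage sweep
            reasons = []
            if SCRIPT_EXT.search(name):
                reasons.append("script extension in file name")
            if any(marker in data.lower() for marker in CODE_MARKERS):
                reasons.append("PHP open tag in content")
            if not data.startswith(IMAGE_MAGIC):
                reasons.append("no image magic bytes")
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings


def build_sample_dir():
    """Constructed samples: a GIF, a script behind a GIF89a header, and text named as an image."""
    root = tempfile.mkdtemp(prefix="products_")
    samples = {
        "room1.gif": b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff;",
        "shell.jpg.php": b"GIF89a\n<?php echo 'constructed sample'; ?>",
        "notes.jpg": b"plain text saved with an image name",
    }
    for name, body in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for rel, why in sorted(audit_upload_dir(build_sample_dir()).items()):
        print(rel, "->", "; ".join(why))
```

The GIF89a header on the disguised file passes a magic-byte check, which is why the sweep inspects the file name and the content as well as the first bytes.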



6 comments

Is the target just namadomain.com, or namadomain.com/namafolder?

namadomain.com/editpicexec.php, bro
