Deface Tutorial: KCFinder Method | Shell Upload Vulnerability [ fresh dork ] - Defa Squad


Tuesday, June 27, 2017

Deface Tutorial: KCFinder Method | Shell Upload Vulnerability [ fresh dork ]

This technique is very simple: we only upload a file, without having to hunt for complicated holes. It is strictly for complete beginners; experts, please correct me if there are any mistakes :* .

Dork

Feel free to expand on these :D
inurl:/kcfinder/browse.php
inurl:/kcfinder/upload.php  [ if using an exploiter ]

File location: /kcfinder/upload/files/namascript.html

Steps to Deface a Website with the KCFinder Method


1. Copy whichever dork you like, paste it into Google and search :D Plenty of targets will show up; just pick one of them to start with :D



2. Once you have picked one, a vulnerable site will look like the screenshot below. Then click Upload / the Upload icon to upload our deface file. It can be in [ image / file ] format, but image files are more widely supported.



3. Choose your deface file, or a shell if you have one :D



4. Wait a moment and the file we chose will appear. If an error shows up, it is usually because the file extension is not supported; change your file :D or try using Tamper Data :p



5. Then call up your deface file by appending /upload/files/namafile.html after /KCFinder/. If you are lucky, your deface script will be displayed; if you get not found, try to find where the file is located, since the site admin has usually changed it :D
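
Seen from the defender's side, the steps above leave a recognisable pattern in a web server access log. The following is an added example, not part of the original post: it flags a client that successfully POSTs to a KCFinder `browse.php` or `upload.php` and then fetches a browser-renderable or script file from `/upload/files/`. The log lines, IP addresses, the function name and the extension list are constructed assumptions.

```python
import re

# Constructed sample access-log lines (not real traffic; IPs are documentation ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [27/Jun/2017:10:01:02 +0000] "GET /ckeditor/kcfinder/browse.php HTTP/1.1" 200 5120
203.0.113.7 - - [27/Jun/2017:10:01:40 +0000] "POST /ckeditor/kcfinder/browse.php HTTP/1.1" 200 88
203.0.113.7 - - [27/Jun/2017:10:02:05 +0000] "GET /ckeditor/kcfinder/upload/files/x.html HTTP/1.1" 200 734
198.51.100.9 - - [27/Jun/2017:10:03:00 +0000] "GET /ckeditor/kcfinder/upload/files/logo.png HTTP/1.1" 200 20480
198.51.100.20 - - [27/Jun/2017:10:04:00 +0000] "POST /kcfinder/upload.php HTTP/1.1" 403 12
198.51.100.20 - - [27/Jun/2017:10:04:09 +0000] "GET /kcfinder/upload/files/x.html HTTP/1.1" 404 0
"""

# client IP, timestamp, method, URL, status of a common/combined log line
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# The two KCFinder entry points named in the post
ENTRY = re.compile(r'/kcfinder/(?:browse|upload)\.php$', re.I)
# Files an upload directory should never serve (assumed list; tune per site)
RISKY = re.compile(r'/upload/files/[^/?]+\.(?:html?|php\d?|phtml|svg|js)$', re.I)

def find_upload_abuse(log_text):
    """Return one finding per risky file fetched by a client that uploaded first."""
    posted = {}      # client IP -> timestamp of its latest successful POST
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue                      # skip lines that are not in the expected format
        ip, ts, method, url, status = m.groups()
        path = url.split("?", 1)[0]       # ignore the query string when matching
        ok = status.startswith("2")       # blocked (403) or missing (404) requests do not count
        if method == "POST" and ok and ENTRY.search(path):
            posted[ip] = ts
        elif method == "GET" and ok and RISKY.search(path) and ip in posted:
            findings.append({"ip": ip, "uploaded_at": posted[ip],
                             "fetched": path, "at": ts})
    return findings

if __name__ == "__main__":
    for f in find_upload_abuse(SAMPLE_LOG):
        print(f)
```

A hit means the file manager accepted an upload from an unauthenticated client and the server served the result; the matching file should be removed and the file manager put behind authentication.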


Live Targets

Here are some sites that are vulnerable through KCFinder


Source -> here
