Defa Squad: 06/15/17

Thursday, June 15, 2017

Tutorial Deface : Deface Metode W2box Vulnerability File Upload

Akhmad Farid M June 15, 2017 0

Kali ini saya akan memposting hasil Riset dan Pengembangan Exploit nya sang Master yaitu E7B_404

POc Name : w2box Vulnerbility File Upload

Dork: intext:"powered by w2box" intitle:"my files"

akses file : www.colicoli.il/path/data/filelu.txt
atau klick kanan file kalian dan pilih open link in new tab

simak aja video nya biar lebih jelas

Akhmad Farid M June 15, 2017 2

======================================================

Author : KaCaK

HomePage : http://www.griadamlar.com

Web App.Name : MEFE EMLAK SCRIPT

Price : N/A

Version : N/A

Software: http://emlak.mefe.net/

Vulnerability Style : File Upload

Bug : File Upload

=======================================================

Google Keyword ( Dork ) : inurl:advert_detail.php?id=

Exploit FCKeditor Artibary File Upload :

http://Site.com/admin/FCKeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php

Ciri ciri web yang yang bisa di exploit tuh kayak gambar dibawah ini

target.com/advert_detail.php?ID=(angka acak , stiap web berbeda beda )

kalau web vunl ciri cirinya kayak gambar di bawah ini , banyak filenya

Sedangkan web yang gak vunl kosong tampa file

Contoh kalau sudah di exploit

hasil defacean kita ada di

www.site.com/files ( kalo lu rename script pepesan lu jadi index.html)

www.site.com/files/namascriptlu.html ( kalo lu rename script pepesan lu bebas,contoh Cowo.html )

Sekian & semoga bermanfaat

sumber : https://cowokerensteam.blogspot.co.id/2016/09/deface-menggunakan-fckeditor_15.html