Friday

Remote File Upload Exploit Vulnerabil tadbir CMS (fckeditor)

simple tutor/exploit deface CMS upload file dri ane.....


 __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __
| Application Info:
| Name: Tadbir CMS
| Autor:Surabayag3tar
|__ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __
| Vulnerability Info:
| Type: Remote Arbitrary File Upload
| Risk: High
| Dork:coba2 aj...
| inurl:/editor/editor/filemanager/
| (wii tambahin om andre :D)
| inurl:/HTMLEditor/editor/"
| atau
|"inurl:/HTMLEditor/editor//filemanager/"|atau
||"inurl:/HTMLEditor/editor/filemanager/connectors/"
|
|
|
| atau
| http://website/path/HTMLEditor/editor/filemanager/connectors/uploadtest.html
|__ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __

dork diatas ^ isi kn d google, cri trget...klo dpt


inject kn exploit ny d atas....
jdinya.......

pada [Select the "File Uploader" to use: ] <----- pilih PHP

trus upload html kmu.....
klik send it to server, kalo sukses or terapload maka pada kotak [Uploaded File URL:] akan memberikan patch dmn file kmu terupload

ex yg kluar pada kotak [Uploaded File URL:] : /UserFiles/html_kamu.html

mudah kn....hehehehehe
 YG GK PUNYA HTML DEFACE SILAHKAN http://andredejavu.110mb.com/deface.php CTRL+U
silahkan d coba n mdah2an bsa d mengerti...... :D:D

By : Andre Pangestu

Remote File Upload Exploit Vulnerabil tadbir CMS (fckeditor) Rating: 4.5 Diposkan Oleh: Unknown

0 komentar:

Post a Comment