LinuxSec Exploit

Nothing is Ever Locked

Ajax File Manager | File Upload Vulnerability

June 16, 2013 by Jack Wilder 7 Comments

This time I will share how to deface a site with the Ajax File Manager | File Upload Vulnerability exploit. The exploit is very easy to carry out, which makes it suitable for newbies who are just learning defacement. 🙂
OK, let's get started. Hehehehehe.
• Dork:
inurl:"ajaxfilemanager.php?page=" intitle:"ajax file manager" (develop it yourself)
• A file with the .txt extension

Steps:
1. Start by searching for a target on Google with the dork above. 🙂
As an example, I chose http://www.szfo-redcross.ru/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php?page=22

2. Then click the upload button in the top right corner.

3. Then upload your file. The file must have the .txt extension. As an example, I uploaded a file named jeje.txt

4. Once that is done, click the file you just uploaded.

5. A link showing where your file is located will open. 🙂
http://www.szfo-redcross.ru/tiny_mce/plugins/uploaded/jeje.txt

That is all for this tutorial. I hope it is useful. 🙂
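For the defending side, the sequence in the steps above (a request to ajaxfilemanager.php followed by a request for a file under uploaded/) shows up in the web server's access log. The Python sketch below is an added example, not part of the original post; it assumes the combined log format and the directory layout seen in the example URLs, and the function name, the extension list and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Paths follow the example URLs in the post; adjust them to the local install.
MANAGER = "/ajaxfilemanager/ajaxfilemanager.php"
UPLOAD_DIR = "/plugins/uploaded/"
# Assumption: extensions a browser renders or a server may execute.
ACTIVE_EXT = (".html", ".htm", ".php", ".phtml", ".svg", ".js")

# Common/combined log format: ip - - [time] "METHOD target PROTO" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def find_upload_abuse(lines):
    """Report clients that opened the file manager and later fetched a file
    from the upload directory. Only 2xx responses are considered."""
    seen_manager = {}  # client IP -> timestamp of its first file manager hit
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m or not m.group(5).startswith("2"):
            continue
        ip, ts, _method, target, _status = m.groups()
        path = unquote(urlsplit(target).path)  # drop query, decode %20 etc.
        lowered = path.lower()
        if lowered.endswith(MANAGER):
            seen_manager.setdefault(ip, ts)
        elif UPLOAD_DIR in lowered and ip in seen_manager:
            findings.append({
                "ip": ip,
                "manager_hit": seen_manager[ip],
                "fetched": path,
                "active_content": lowered.endswith(ACTIVE_EXT),
            })
    return findings

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [16/Jun/2013:10:01:02 +0000] "GET /tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php?page=22 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [16/Jun/2013:10:02:40 +0000] "GET /tiny_mce/plugins/uploaded/note.txt HTTP/1.1" 200 31 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [16/Jun/2013:10:05:11 +0000] "GET /tiny_mce/plugins/uploaded/page%20one.html HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [16/Jun/2013:10:06:00 +0000] "GET /tiny_mce/plugins/uploaded/logo.png HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [16/Jun/2013:10:07:00 +0000] "GET /tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php HTTP/1.1" 403 210 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in find_upload_abuse(SAMPLE):
        print(finding)
```

A finding with active_content set to True deserves attention first, since such a file is rendered or executed rather than merely displayed as text.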

Comments

  1. Irfan VBH says

    June 17, 2013 at 12:15 am

    Always here, bro 😀

    Nice Info Thanks 😀

    #JokerTeamChild

  2. Mas Nady says

    June 17, 2013 at 1:09 am

    Morning visit, just reading along, bro.. as usual I don't really understand this kind of thing.. hehehe
  3. Abed Saragih says

    June 17, 2013 at 2:32 am

    Bro, over time one could get smart here too, since you post about defacing every day 🙂
  4. cak oni says

    June 17, 2013 at 6:08 am

    Wow, a defacing topic, bro, cool, reading along
  5. Rusydi Hikmawan says

    June 17, 2013 at 11:18 am

    This reminds me of the KPU website defacement case in 2004. But the safest are surely free domains like Blogger. There is no history of them ever being defaced.
  6. budi os 19 says

    June 17, 2013 at 12:53 pm

    I thought this was about Ajax Amsterdam, bro…hehe
    Turns out it's still about defacing…
    #continue… 🙂
  7. Anonim says

    July 18, 2013 at 2:54 pm

    test

    http://www.szfo-redcross.ru/tiny_mce/plugins/uploaded/Slow%20Bae.html
