LinuxSec Exploit

Nothing is Ever Locked

Ajax File Manager | File Upload Vulnerability

June 16, 2013 by Jack Wilder

This time I will share how to deface with the Ajax File Manager | File Upload Vulnerability exploit. The exploit is very easy to carry out. It suits newbies who are just learning to deface. 🙂
Okay, let's get started. Hehehehehe.
Dork:
inurl:"ajaxfilemanager.php?page=" intitle:"ajax file manager" (develop it yourself)
A file with the .txt extension

Steps:
1. Start by searching for a target on Google with the dork above. 🙂
As an example, I chose http://www.szfo-redcross.ru/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php?page=22

2. Then click the upload button in the top right corner.

3. Next, upload your file. The file must have the .txt extension. As an example, I uploaded a file named jeje.txt

4. When that is done, click the file you just uploaded.

5. A link to where your file is located will open. 🙂
http://www.szfo-redcross.ru/tiny_mce/plugins/uploaded/jeje.txt

That's all for this tutorial. I hope it is useful. 🙂
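Seen from the server side, the steps above leave a recognizable trail in the access log: a request to the file manager, a POST into its directory, then a GET for a file under the upload directory from the same client. The following Python script is an added example, not part of the original post; it assumes combined-format access logs and the directory layout from the example URLs, and the sample log lines and the upload endpoint name are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, unquote

# Directory layout taken from the example URLs in the post (assumed for your site).
MANAGER_DIR = "/tiny_mce/plugins/ajaxfilemanager/"
UPLOAD_DIR = "/tiny_mce/plugins/uploaded/"

# Combined log format: client, identity, user, [time], "METHOD target PROTO", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample lines, not real traffic; UPLOAD_ENDPOINT_PLACEHOLDER.php is a placeholder name.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php?page=22 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:00:40 +0000] "POST /tiny_mce/plugins/ajaxfilemanager/UPLOAD_ENDPOINT_PLACEHOLDER.php HTTP/1.1" 200 310 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:00:55 +0000] "GET /tiny_mce/plugins/uploaded/sample%20note.txt HTTP/1.1" 200 42 "-" "Mozilla/5.0"
198.51.100.9 - - [01/Jan/2024:11:12:00 +0000] "GET /tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php?page=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Jan/2024:11:30:00 +0000] "GET /tiny_mce/plugins/uploaded/logo.png HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
198.51.100.23 - - [01/Jan/2024:12:00:00 +0000] "GET /tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
"""

def analyze(log_text):
    """Map client IP -> verdict for clients that reached the file manager."""
    state = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, method, target, status = m.group(1), m.group(2), m.group(3), int(m.group(4))
        path = unquote(urlsplit(target).path)
        s = state.setdefault(ip, {"opened": False, "posted": False, "files": []})
        if path.startswith(MANAGER_DIR) and 200 <= status < 300:
            # A successful POST into the manager directory is treated as an upload attempt.
            if method == "POST":
                s["posted"] = True
            else:
                s["opened"] = True
        elif path.startswith(UPLOAD_DIR) and method == "GET" and status == 200 and s["posted"]:
            # Same client fetching from the upload directory after posting: likely its own file.
            s["files"].append(path[len(UPLOAD_DIR):])
    report = {}
    for ip, s in state.items():
        if s["posted"]:
            report[ip] = {"verdict": "upload", "files": s["files"]}
        elif s["opened"]:
            report[ip] = {"verdict": "probe", "files": []}
    return report

if __name__ == "__main__":
    for ip, finding in analyze(SAMPLE_LOG).items():
        print(ip, finding["verdict"], finding["files"])
```

An "upload" verdict for a client that never authenticated means the file manager is reachable without a login; the listed files are the ones to review, and the plugin directory is the one to restrict or remove.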


Comments

  1. Irfan VBH says

    June 17, 2013 at 12:15 am

    Always here, bro 😀

    Nice Info Thanks 😀

    #JokerTeamChild
  2. Mas Nady says

    June 17, 2013 at 1:09 am

    Morning visit, just reading along, bro.. as usual I don't really understand this kind of thing.. hehehe
  3. Abed Saragih says

    June 17, 2013 at 2:32 am

    Bro, sooner or later one could get smart here too, since there is a deface post every day 🙂
  4. cak oni says

    June 17, 2013 at 6:08 am

    Whoa, a deface topic, bro, cool.. reading along
  5. Rusydi Hikmawan says

    June 17, 2013 at 11:18 am

    This reminds me of the KPU website deface case in 2004. But the safest are surely free domains like Blogger. There is no history of them being defaced.
  6. budi os 19 says

    June 17, 2013 at 12:53 pm

    I thought it was Ajax Amsterdam, bro… hehe
    turns out it's still about deface…
    #carry on… 🙂
  7. Anonim says

    July 18, 2013 at 2:54 pm

    tess

    http://www.szfo-redcross.ru/tiny_mce/plugins/uploaded/Slow%20Bae.html
