
LinuxSec Exploit

Nothing is Ever Locked


Defacing with the Pligg CMS CSRF Add Admin Exploit

August 25, 2015 by Jack Wilder

OK, it has been a while since I shared an exploit tutorial. This time I want to share a deface tutorial titled Pligg CMS CSRF Add Admin Exploit. The exploit is fairly easy. Here is what you need:

The exploiter:
Download here.

  • Dork :
    intext:”Made wtih Pligg CMS”

Steps:
Save the exploiter as a PHP file.
In the section

<form action="http://localhost/jmbut/admin/admin_users.php" method="post" id="createUserForm" name="exploit" onsubmit="return checkValidation()">

Adjust it to the target URL. Do the same for the username, email and password.

Then run the exploiter on localhost or on your own hosting. You will be redirected to the victim site's login page.

If the steps were done correctly, you land directly in the admin page:

Easy, isn't it?
Good luck trying.

Exploit Author: Arash Khazaei ( Exploit-DB )
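
From the defender's side, a form like the one above only works when admin/admin_users.php accepts a cross-site POST on the strength of the admin's session cookie alone. The following PHP is an added example, not code from this post or from Pligg: it shows a per-session CSRF token plus an Origin check that such a handler could apply, using the hypothetical helpers csrf_token() and csrf_check() and the placeholder origin cms.example.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical helpers, not Pligg's own code.

// One random token per session, embedded as a hidden field in every admin form.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Allow a state-changing request only when it is a POST, any Origin header
// matches our own origin, and the posted token equals the session token.
function csrf_check(array $session, array $post, array $server, string $ownOrigin): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;
    }
    if (isset($server['HTTP_ORIGIN']) && $server['HTTP_ORIGIN'] !== $ownOrigin) {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    return is_string($expected) && is_string($supplied)
        && $expected !== '' && hash_equals($expected, $supplied);
}

// Constructed sample requests (cms.example is a placeholder origin).
$own     = 'https://cms.example';
$session = [];                      // stands in for $_SESSION of a logged-in admin
$token   = csrf_token($session);
$fields  = ['username' => 'newuser', 'email' => 'new@cms.example', 'password' => 'constructed'];

$cases = [
    'cross-site form, no token' => [$fields, ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'https://other.example']],
    'same origin, wrong token'  => [$fields + ['csrf_token' => str_repeat('0', 64)], ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => $own]],
    'genuine admin form'        => [$fields + ['csrf_token' => $token], ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => $own]],
];
foreach ($cases as $label => [$post, $server]) {
    printf("%-28s %s\n", $label, csrf_check($session, $post, $server, $own) ? 'accepted' : 'rejected (HTTP 403)');
}
```

In a real handler the check runs before any account is created, with $_SESSION, $_POST and $_SERVER passed in; setting the SameSite attribute on the session cookie adds a second layer.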
