• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

LinuxSec Exploit

Nothing is Ever Locked

  • XSS Payloads
  • About Us

Exploit Drupal Core 7.x Auto SQL Injection dan Upload Shell

June 11, 2015 by Jack Wilder 10 Comments

Oke kali ini mau share exploit yang lumayan masih rame. yaitu exploit SQL Injection pada CMS Drupal 7.x dan cara upload shell nya. Oke langsng saja ya tanpa basa basi. Berikut tutor nya.
Google dorks :

  • “powered by drupal”

Tools :

  • Drupal Exploit

Langkah Langkah

Simpan tools exploit diatas dengan ekstensi php dan simpan di hostingan atau di localhost.

Anggap sudah mempunyai target vuln.
Masukkan url ( tanpa http:// ) dan klik “suck it ! ”

Masuk ke url

  • http://site.com/user/login

dan masukkan

  • user : fuckyou
  • pass : admin

Dan..

Lalu masuk ke

  • http://site.com/node/add/article

Ubah format nya ke PHP Code

masukkan source backdoor nya.

Dan buka shell nya di lokasi artikel berada .

Yupp… sekian tutor kali ini, semoga bermanfaat.

Hargai penulis dengans elalu mencantumkan link sumber saat melakukan copy paste 🙂

Shares

Filed Under: SQL Injection, Web Hacking Tagged With: Deface, Exploit, Hacking

Reader Interactions

Comments

  1. Anonim says

    June 13, 2015 at 2:01 pm

    gagal login semua

    Reply
    • chiaki says

      June 14, 2015 at 5:51 am

      target coba ?

      Reply
  2. Anonim says

    June 14, 2015 at 6:13 am

    Succes! User:fuckyou Pass:admin -> http://www.warsoul.pl/user/login
    ======================================Donnazmi==============================================================

    Reply
    • chiaki says

      June 14, 2015 at 7:12 am

      udh di patch paling.
      cba http://www.lesbianpoetryarchive.org/

      Reply
  3. Anonim says

    June 14, 2015 at 7:21 am

    thx bisa. add fb ku bg

    fb.me/HYTHAN7.ID

    Reply
  4. Anonim says

    June 14, 2015 at 7:26 am

    shell acces nya di mana bg

    Reply
    • chiaki says

      June 14, 2015 at 7:36 am

      klo udh di save artikel ya langsung di redirrect ke shell kok

      Reply
  5. Anonim says

    June 17, 2015 at 11:16 pm

    Success tapi gak bisa login juga bro, apa gk vuln ya..?

    Reply
  6. Anonim says

    June 19, 2015 at 4:57 am

    Jos!

    Reply
  7. slimming capsule says

    June 25, 2015 at 7:58 am

    Terimakasih infonya , semoga sukses.
    Silahkan kunjungi juga web kami:

    http://obatflekparuparu.utamakansehat.com/

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Popular Post

WordPress Army Knife CSRF File Upload Vulnerability

Deface WordPress dengan Exploit Themes Qualifire File Upload Vulnerability

Download 1n73ct10n / 1n73ction Privat Web Shell by X’1N73CT

Prestashop Module Blocktestimonial File Upload Auto Exploit

Uptimerobot.com Custom Domain or Subdomain Takeover

RCE pada Redis via Master-Slave Replication

WordPress Plugin CopySafe PDF Protection Shell Upload

WordPress 4.7.0/4.7.1 Content Injection Exploit

Deface WordPress Dengan Exploit Archin WordPress Theme 3.2 Unauthenticated Configuration Access Vulnerability

Cara Deface dengan Exploit Slims CMS Senayan Arbitrary File Upload Vulnerability

LinuxSec / 74 queries in 0.10 seconds