• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

LinuxSec Exploit

Nothing is Ever Locked

  • XSS Payloads
  • About Us

Exploit Drupal Core 7.x Auto SQL Injection dan Upload Shell

June 11, 2015 by Jack Wilder 10 Comments

Oke kali ini mau share exploit yang lumayan masih rame. yaitu exploit SQL Injection pada CMS Drupal 7.x dan cara upload shell nya. Oke langsng saja ya tanpa basa basi. Berikut tutor nya.
Google dorks :

  • “powered by drupal”

Tools :

  • Drupal Exploit

Langkah Langkah

Simpan tools exploit diatas dengan ekstensi php dan simpan di hostingan atau di localhost.

Anggap sudah mempunyai target vuln.
Masukkan url ( tanpa http:// ) dan klik “suck it ! ”

Masuk ke url

  • http://site.com/user/login

dan masukkan

  • user : fuckyou
  • pass : admin

Dan..

Lalu masuk ke

  • http://site.com/node/add/article

Ubah format nya ke PHP Code

masukkan source backdoor nya.

Dan buka shell nya di lokasi artikel berada .

Yupp… sekian tutor kali ini, semoga bermanfaat.

Hargai penulis dengans elalu mencantumkan link sumber saat melakukan copy paste 🙂

Shares

Filed Under: SQL Injection, Web Hacking Tagged With: Deface, Exploit, Hacking

Reader Interactions

Comments

  1. Anonim says

    June 13, 2015 at 2:01 pm

    gagal login semua

    Reply
    • chiaki says

      June 14, 2015 at 5:51 am

      target coba ?

      Reply
  2. Anonim says

    June 14, 2015 at 6:13 am

    Succes! User:fuckyou Pass:admin -> http://www.warsoul.pl/user/login
    ======================================Donnazmi==============================================================

    Reply
    • chiaki says

      June 14, 2015 at 7:12 am

      udh di patch paling.
      cba http://www.lesbianpoetryarchive.org/

      Reply
  3. Anonim says

    June 14, 2015 at 7:21 am

    thx bisa. add fb ku bg

    fb.me/HYTHAN7.ID

    Reply
  4. Anonim says

    June 14, 2015 at 7:26 am

    shell acces nya di mana bg

    Reply
    • chiaki says

      June 14, 2015 at 7:36 am

      klo udh di save artikel ya langsung di redirrect ke shell kok

      Reply
  5. Anonim says

    June 17, 2015 at 11:16 pm

    Success tapi gak bisa login juga bro, apa gk vuln ya..?

    Reply
  6. Anonim says

    June 19, 2015 at 4:57 am

    Jos!

    Reply
  7. slimming capsule says

    June 25, 2015 at 7:58 am

    Terimakasih infonya , semoga sukses.
    Silahkan kunjungi juga web kami:

    http://obatflekparuparu.utamakansehat.com/

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Popular Post

Heroku Custom Domain or Subdomain Takeover

Exploit WPStore Themes Upload Vulnerability

RCE pada Redis via Master-Slave Replication

Surge.sh Custom Domain or Subdomain Takeover

Tutorial Hack WHM dan cPanel dengan WHMCS Killer

DNS Hijacking through Social Engineering

Tutorial Deface – Menutup Halaman Depan Situs Target dengan JS Overlay

Exploit Drupal Core 7.x Auto SQL Injection dan Upload Shell

Deface WordPress dengan Exploit Themes Qualifire File Upload Vulnerability

Shopify Custom Domain or Subdomain Takeover

Powered by WordPress and Genesis Framework. Style by LinuxSec.