• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

LinuxSec Exploit

Nothing is Ever Locked

  • XSS Payloads
  • About Us

Tutorial Deface dengan vBulletin Upgrade 0day Exploit

September 14, 2013 by Jack Wilder 19 Comments

Tutorial Deface dengan vBulletin Upgrade 0day Exploit. Oke, ini sebenarnya exploit yang dipublish sekitar seminggu yang lalu. tapi saya baru mempraktekkannya semalam. Dan langsung saya share disini.

Oke, bahan-bahan yang diperlukan adalah
PHP Exploit : Click Here

Exploit :
localhost/vb/install/upgrade.php

Langsung ke langkah pertama, ambil script php explit nya, simpan dengan format .php . Setelah itu terserah mau dijalankan di localhost atau mau diupload di web. 🙂
Mulai berselancar di google nyari target.
Sebagai contoh, target saya adalah http://www.mayzus.my/forum/install/upgrade.php

Anda akan diminta memasukkan customer ID. Ctrl+U dan cari kata CUSTNUMBER .
Disitu ada customer ID nya . Untuk lebih jelasnya lihat ss dibawah :

Langkah ke tiga adalah , buka php exploit yang sudah kalian persiapkan diatas, dan masukkan data-data nya. Untuk username, password dan email silahkan isi sembarang. penting mudah diingat.

Tunggu prosesnya. Lihat ss :

Di situ tertulis “Administrator Account Created” , terlalu lama kalo kita menunggu sampai 18 Langkah.
Langsung s aja ke halaman login. localhost/forum/admincp/
Masukkan user dan password yang sudah dibuat sebelumnya.

Sipp, login sukses !!!

Kalo udah gitu terserah mau diapain :p

http://www.mayzus.my/forum/faq.ph

Sekian dan terimakasih.

Shares

Filed Under: Tutorial Deface Tagged With: Exploit

Reader Interactions

Comments

  1. Anonim says

    September 14, 2013 at 11:39 pm

    nice tutor pak

    Reply
  2. Anonim says

    September 14, 2013 at 11:45 pm

    Yuyud Gaynteng :3

    Reply
  3. Anonim says

    September 15, 2013 at 1:00 am

    Yuyud Gay

    Reply
  4. cak oni says

    September 15, 2013 at 1:17 am

    apalagi gambarnya keren kayak gitu kang makin (y)

    Reply
  5. kolongtulis says

    September 15, 2013 at 2:41 am

    kerren, saya jadi pengen nyoba.

    Reply
  6. Anonim says

    September 15, 2013 at 3:30 am

    cara upload shell nya gmn bang ?

    Reply
  7. Anonim says

    September 15, 2013 at 3:35 am

    how upload shell in vbulletin admincp version 4.

    Reply
  8. Anonim says

    September 15, 2013 at 4:18 am

    yudgay :v

    Reply
  9. myhafiezers says

    September 15, 2013 at 5:06 am

    wih yuyud gaynteng deh :3 tp msih gayntengan viqhril :3

    Reply
  10. Agrin Fauzi says

    September 15, 2013 at 6:21 am

    Thx :v

    Reply
  11. Anonim says

    September 15, 2013 at 7:34 am

    cara upload shellnya ? #terimakasih

    Reply
  12. Anonim says

    September 15, 2013 at 8:07 am

    cara upload shell gimana ? -_-

    Reply
  13. wewewew says

    September 15, 2013 at 9:15 am

    dork yg baru om

    Reply
  14. Anonim says

    September 15, 2013 at 2:48 pm

    bagi dork om

    Reply
  15. Anonim says

    September 16, 2013 at 6:50 am

    masukin shellnya harus ekstensi .xml ya kong yuyud ?

    Reply
  16. Yonathan S.H says

    September 16, 2013 at 7:53 am

    yud mnta dork nya dong.. ~_~

    Reply
  17. Ganes Putra says

    September 17, 2013 at 4:47 am

    dork donk beb :3

    Reply
  18. Anonim says

    September 17, 2013 at 5:46 pm

    Bagi dorknyaa :3

    Reply
  19. Anonim says

    August 24, 2014 at 7:19 am

    mantep

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Popular Post

Tutorial Hack WHM dan cPanel dengan WHMCS Killer

WordPress Army Knife CSRF File Upload Vulnerability

Prestashop Module Blocktestimonial File Upload Auto Exploit

Tutorial Deface – Menutup Halaman Depan Situs Target dengan JS Overlay

Shopify Custom Domain or Subdomain Takeover

DNS Hijacking through Social Engineering

Exploit Drupal Core 7.x Auto SQL Injection dan Upload Shell

Download 1n73ct10n / 1n73ction Privat Web Shell by X’1N73CT

WordPress 4.7.0/4.7.1 Content Injection Exploit

Uptimerobot.com Custom Domain or Subdomain Takeover

LinuxSec / 65 queries in 0.09 seconds