Masih Seperti teknik sebelumnya masih seputar deface shell upload ingat just newbie :D
Vunerablity Ini mungkin agak Mirip dengan wordpress Upload fckeditor . yang dilakukan cuma mengubah conectornya menjadi PHP .
berikut dorknya :
Quote:
inurl: "/Geeklog/"
atau indeks of /Geeklog/fckeditor/editor/manajerfile/upload/test.html
Setelah target didapat masukan exploit :
Quote:
[target]/Geeklog/fckeditor/editor/manajerfile/upload/test.html
Namun di beberapa target mungkin kita akan masuk kedalam root directory situs tersebut maka , silahkan langsung saja om klik file dengan nama test.html atau uploadtest.html .
Rubah conector menjadi PHP .
browse file deface , kemudian upload .
Sample :
Quote:
[You must be registered and logged in to see this link.]Result :
Quote:
[You must be registered and logged in to see this link.]
Subyek: Deface dork Geeklog Upload [ Vunerablity ] ![Deface dork Geeklog Upload [ Vunerablity ] Icon_minitime](https://2img.net/i/fa/icon_minitime.gif){kind=icon}
Sat Apr 21, 2012 10:27 pm![Deface dork Geeklog Upload [ Vunerablity ] I_vote_lcap](https://2img.net/s/t/17/30/79/i_vote_lcap.png){kind=small}
![Deface dork Geeklog Upload [ Vunerablity ] I_voting_bar](https://2img.net/s/t/17/30/79/i_voting_bar.png){kind=small}
![Deface dork Geeklog Upload [ Vunerablity ] I_vote_rcap](https://2img.net/s/t/17/30/79/i_vote_rcap.png){kind=small}
