Okay, let's get straight to how it's done.
As usual, the search goes through Google.
(Copy the dork into the Google search engine.)
The dork:
SUPPORT BY OPENCART or
Powered By OpenCart site:com (you can change the site part, e.g. my, il, etc.; what matters is that the site runs OpenCart)
If you want all of them, drop the site part so it is just
Powered By OpenCart
The exploit details are:
==========================================
Opencart remote file Upload Vulnerability
==========================================
#Exploit Title: Opencart remote file uploade
#Author: Net.Edit0r
#Google dork: inurl:Powered By OpenCart
#Platform :linux/php
######################################Iranian HackerZ####################################
# Select the "File Upload" To use = php
#########################################################################################
#Spical Thanks To >> Darkcoder ~ Classic ~ Jenne bamaram ~ S3Ri0uS ~ _AriaNet_ And All B0x
########################################## End ##########################################
Now for the steps.
Once you have your target, just inject the exploit path:
admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
If you come across one with /shop/ in its address, inject it after the /shop/ part.
Don't forget to change the connector to PHP when uploading. Then upload your deface file; if it succeeds, an alert appears saying "file uploaded with no errors".
To check whether the upload succeeded or not, go to "Get Folders and Files" and look at the result.
If it succeeded, just put the name of your deface file at the end of the site address.
Here is an example of my deface result.
Easy, right?
Good luck trying it out.
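For site owners, the exposure described in this post comes down to the FCKeditor connector test page being left in place under the admin directory with the PHP connector switched on. The following is an added example, not part of the original post: it audits a copy of a webroot on disk for that test page, an enabled connector config, and script files sitting in upload directories. The upload directory names and the sample tree are assumptions made for illustration.

```python
import os
import re
import tempfile

CONNECTORS = os.path.join("fckeditor", "editor", "filemanager", "connectors")
TEST_PAGES = {"test.html", "uploadtest.html"}   # test pages shipped with FCKeditor 2.x
SCRIPT_EXT = (".php", ".phtml", ".php5", ".phar")
# An active (not commented-out) $Config['Enabled'] = true ; in the PHP connector config
ENABLED_RE = re.compile(r"^\s*\$Config\[\s*['\"]Enabled['\"]\s*\]\s*=\s*true\b", re.I | re.M)


def audit_webroot(webroot, upload_dirs=("image", "download", "userfiles")):
    """Walk one webroot on disk and return sorted (kind, relative_path) findings.

    upload_dirs is an assumption: top-level directories where uploads may land.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        rel_dir = os.path.relpath(dirpath, webroot)
        for name in files:
            rel = os.path.normpath(os.path.join(rel_dir, name))
            if rel_dir.endswith(CONNECTORS) and name in TEST_PAGES:
                findings.append(("connector-test-page", rel))
            elif CONNECTORS in rel_dir and name == "config.php":
                with open(os.path.join(dirpath, name), errors="replace") as fh:
                    if ENABLED_RE.search(fh.read()):
                        findings.append(("connector-enabled", rel))
            elif rel.split(os.sep)[0] in upload_dirs and name.lower().endswith(SCRIPT_EXT):
                findings.append(("script-in-upload-dir", rel))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample layout (not a real site) used to exercise the audit."""
    base = os.path.join(root, "admin", "view", "javascript", CONNECTORS)
    samples = {
        os.path.join(base, "test.html"): "<html>connector test page</html>",
        os.path.join(base, "php", "config.php"): "<?php\n$Config['Enabled'] = true ;\n",
        os.path.join(root, "image", "data", "logo.png"): "not really a png",
        os.path.join(root, "image", "data", "index.php"): "<?php // constructed placeholder",
    }
    for path, body in samples.items():
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for kind, path in audit_webroot(tmp):
            print(f"{kind:22} {path}")
```

Any finding of the first two kinds is a reason to delete the connector test pages and disable or remove the file manager connector; a script file in an upload directory warrants checking when and how it got there.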