Header Ads

Deface Menggunakan Contentify Register And Upload Backdoor

Exploit Title   : Contentify Register And Upload Backdoor
Author          : ice-cream - khunerable
Vendor Homepage : http://www.contentify.org/
Vendor Github   : https://github.com/Contentify
Date            : 14 oct 2017
Tested on       : Ubuntu 16.04.2 LTS ( BackBox ), Windows 7

dork :
  inurl:/registration/create intext:"TEAMS" "LATEST MATCHES"

poc :
[-]register
[-]edit profile
[-]upload my shell jpg ( tamper or burpsuite )
[-]if error.. you back to edit profile and refresh page..
[-]copy image location

example
http://www.crea-esports.at/

thnks for :
All member typical idiot security - Gr4c3 - Konslet - All Indonesian Hacker

No comments

Silahkan Komentar dengan bahasa yang sopan

Powered by Blogger.