Deface Dengan Open Journals System Arbitrary File Upload
Bahan- Bahan :
1. Dork :/index.php/index/user/register"
(baca juga Dork Open Journal System)
2. Imajinasi vokepers kalian buat kembangin dork.
3. Shell berekstensi .phtml
Step by Step :
1. Dorking (biasa aja dorking nya)
2. Kalo udah pilih target, mending cek dlu vuln apa ngga nya, kalo ane cara ngecek publik files nya cuma nambahin /Files/Journals
di belakang url target, Contoh : www.site.com/files/journals
( klo vuln nanti keluar public files nya , kalo Not Found atatu forbidden ga vuln )
di belakang url target, Contoh : www.site.com/files/journals
( klo vuln nanti keluar public files nya , kalo Not Found atatu forbidden ga vuln )
3. kalo target vuln pas di public files , kalian balik lagi ke halaman register.
4. Register deh, asalan juga gpp.
![Deface Dengan Open Journals System Arbitrary File Upload [Edisi Lebaran]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnIBQxqEWO1Ja9xGPXHvnytIMErAfBVqHxMVuLux5oDNMyh8xR-k0GfOsDsoya9XDN17Y8LV_ylEEho0wIZj4F4V73LvVr3hrYuS_TnWsU5G87roS9_JagyIMs2vzy8AOQyVwtiRLG5Ic_/s1600/Screenshot+%2528144%2529.png "Deface Dengan Open Journals System Arbitrary File Upload [Edisi Lebaran]") |
| Note : Di bagian siu ceklis kotak Author : blablabla |
5. Setelah selesai daftar, calon pemudik, klik New Submission (kalo target ane bahasanya ane)
![Deface Dengan Open Journals System Arbitrary File Upload [Edisi Lebaran]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi2rD9RjGhBvnnZZI1-7Kb6YaNO-Hgexze8FEOJMSm-MpvuNZSs_qw1-CUKom1Gn8uBC3bkJlNHyEBKZpZlUVHMvM52j_V4O03h5C_YbaKvQ2U7zVee0N_0iIupMcj1HirY5yBAsVYmZfh-/s1600/Screenshot+%2528145%2529.png "Deface Dengan Open Journals System Arbitrary File Upload [Edisi Lebaran]") |
| Biasanya letak nya di situ |
6. Ikutin dah apa yang di suruh.. nanti pas Step ke2 baru bisa upload shell
![Deface Dengan Open Journals System Arbitrary File Upload [Edisi Lebaran]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhDlwmT9WU3GlQd7J30qXQPQ9_T60ALMK_7y6JDraMNRqTFkkOH1V8myD1AbQcN6W-l0oa4rLCbAy1fgSkFrxbazS3qL3QA3FxCOa5iLOzcaGanRCspDDeDupMie7x6yRwfADWJQK3q5l3w/s1600/Screenshot+%2528147%2529.png "Deface Dengan Open Journals System Arbitrary File Upload [Edisi Lebaran]")
7. Kalo sukses, hasil nya akan, (cantik, mulus, bohay)
 |
| Sukses |
8. Akses shell adalah hal paling ribet, klo kalian kaga cepet paham.
kita pergi ke Public Files , www.site.com/files/journals ( nanti oprek2 sendiri ,cari file mu di situ ) atau biasanya
kita pergi ke Public Files , www.site.com/files/journals ( nanti oprek2 sendiri ,cari file mu di situ ) atau biasanya
www.sitetarget.co.li/files/journals/1/articles/[iduser]/submission/original/[nama file].phtml
238 adalah id user dan 238-22-1-SM.phtml adalah file nya.
Sumber : GarudaSecHacker
238 adalah id user dan 238-22-1-SM.phtml adalah file nya.
Sumber : GarudaSecHacker
sama aja coeg kaya ojs biasa :v
ReplyDelete